CVE-2017-17805
CVSS v3.1
7.8 (High)
CVSS v2.0
7.2 (High)
EPSS
0.04 % (11th)
Affected Products
8
Advisories
31
The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable.
Weaknesses
- CWE-20
- Improper Input Validation
- CVE Status
- PUBLISHED
- CNA
- MITRE
- Published Date
-
2017-12-20 23:29:00
(6 years ago) - Updated Date
-
2023-01-19 15:45:33
(20 months ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Configuration #2
|
Configuration #3
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...