Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-1137: Kernel vulnerability

7 documents, 7 sources
Severity: 10.0 CRITICAL (NVD)
EPSS: 15.8% (top 5.25%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline
Published: Jan 10
Latest update: Apr 29

Description

Multiple vulnerabilities in the IGMP functionality for Linux kernel 2.4.22 to 2.4.28, and 2.6.x to 2.6.9, allow local and remote attackers to cause a denial of service or execute arbitrary code via (1) the ip_mc_source function, which decrements a counter to -1, or (2) the igmp_marksources function, which does not properly validate IGMP message parameters and performs an out-of-bounds read.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages (1 package)

NVD: linux/linux_kernel, 42 versions (+41)

Also affects: Ubuntu Linux 4.1

🔴 Vulnerability Details (2)

GHSA (2022-04-29): GHSA-vqwc-f978-m55f: Multiple vulnerabilities in the IGMP functionality for Linux kernel 2
CVEList (2004-12-15): CVE-2004-1137: Multiple vulnerabilities in the IGMP functionality for Linux kernel 2

💥 Exploits & PoCs (1)

Exploit-DB (2004-12-14): Linux Kernel 2.4.22-28/2.6.9 - 'igmp.c' Local Denial of Service

📋 Vendor Advisories (2)

Ubuntu (2004-12-15): Linux kernel vulnerabilities
Red Hat (2004-12-14): security flaw

💬 Community (1)

Bugzilla (2018-08-16): CVE-2004-1137 security flaw