CVE-2004-1190 — Regex Denial of Service in Linux

CWE-1333 — Regex Denial of Service8 documents6 sources

Severity

2.1LOWNVD

GHSA5.0

EPSS

0.1%

top 75.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Suse Linux

Timeline

PublishedJan 10

Latest updateMay 2

Description

SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not properly check commands sent to CD devices that have been opened read-only, which could allow local users to conduct unauthorized write activities to modify the firmware of associated SCSI devices.

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

▶NVDsuse/suse_linux8.1, 8.2, 9.0+2

Patches

Patch: www.novell.com ↗Patch: www.novell.com ↗

🔴Vulnerability Details

GHSA

Spring Framework Inefficient Regular Expression Complexity↗2022-05-02

▶

GHSA

GHSA-6q77-qw67-r7r7: SUSE Linux before 9↗2022-04-29

▶

CVEList

CVE-2004-1190: SUSE Linux before 9↗2004-12-15

▶

📋Vendor Advisories

Red Hat

Spring Framework Remote Denial of Service vulnerability↗2009-04-22

▶

Red Hat

security flaw↗2004-07-30

▶

💬Community

Bugzilla

CVE-2004-1190 security flaw↗2018-08-16

▶

Bugzilla

CVE-2004-1190 Continued raw access issues↗2005-05-26

▶