CVE-2006-2023
published 2006-04-25CVE-2006-2023: Integer overflow in the RTSP_msg_len function in rtsp/RTSP_msg_len.c in Fenice 1.10 and earlier allows remote attackers to cause a denial of service…
PriorityP415medium5CVSS 2.0
AVNACLAuNCNINAP
EPSS
2.31%
81.2th percentile
Integer overflow in the RTSP_msg_len function in rtsp/RTSP_msg_len.c in Fenice 1.10 and earlier allows remote attackers to cause a denial of service (application crash) via a large HTTP Content-Length value, which leads to an invalid memory access.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ls3 | fenice | <= 1.10 | — |
| msrc | cbl2_kernel_5.15.111.1-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| msrc | cm1_kernel_5.10.181.1-1_on_cbl_mariner_1.0 | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
vendor_msrc7.0HIGH
vendor_redhat7.0HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-v8xf-8jc2-gv9f: Integer overflow in the RTSP_msg_len function in rtsp/RTSP_msg_len
ghsa_unreviewed·2022-05-01
CVE-2006-2023 [MEDIUM] GHSA-v8xf-8jc2-gv9f: Integer overflow in the RTSP_msg_len function in rtsp/RTSP_msg_len
Integer overflow in the RTSP_msg_len function in rtsp/RTSP_msg_len.c in Fenice 1.10 and earlier allows remote attackers to cause a denial of service (application crash) via a large HTTP Content-Length value, which leads to an invalid memory access.
Red Hat
kernel: rxrpc: race condition between connection bundle lookup and removal
vendor_redhat·2023-04-13·CVSS 7.0
CVE-2023-2006 [HIGH] CWE-362 kernel: rxrpc: race condition between connection bundle lookup and removal
kernel: rxrpc: race condition between connection bundle lookup and removal
A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an object. This may allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel.
A race condition was found in the Linux kernel's RxRPC network protocol within the processing of RxRPC bundles. This issue results from improper locking when performing operations on an object. This flaw allows an attacker to escalate privileges and execute arbitrary code in the context of the kernel.
Statement: Red Hat Enterprise Linux 6, 7, 8 and 9 are not affected by this flaw as they did not include sup
Microsoft
A race condition was found in the Linux kernel's RxRPC network protocol within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an obje
vendor_msrc·2023-04-11·CVSS 7.0
CVE-2023-2006 [HIGH] CWE-362 A race condition was found in the Linux kernel's RxRPC network protocol within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an obje
A race condition was found in the Linux kernel's RxRPC network protocol within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an object. This may allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 202
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://aluigi.altervista.org/adv/fenicex-adv.txthttp://secunia.com/advisories/19770http://securityreason.com/securityalert/794http://www.osvdb.org/24882http://www.securityfocus.com/archive/1/431870/100/0/threadedhttp://www.securityfocus.com/archive/1/436256/100/0/threadedhttp://www.securityfocus.com/bid/17678http://www.vupen.com/english/advisories/2006/1491https://exchange.xforce.ibmcloud.com/vulnerabilities/26080http://aluigi.altervista.org/adv/fenicex-adv.txthttp://secunia.com/advisories/19770http://securityreason.com/securityalert/794http://www.osvdb.org/24882http://www.securityfocus.com/archive/1/431870/100/0/threadedhttp://www.securityfocus.com/archive/1/436256/100/0/threadedhttp://www.securityfocus.com/bid/17678http://www.vupen.com/english/advisories/2006/1491https://exchange.xforce.ibmcloud.com/vulnerabilities/26080
2006-04-25
Published