Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-3672

6 documents6 sources

Severity

2.6LOW

EPSS

5.6%

top 9.66%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

KDE Konqueror

Timeline

PublishedJul 18

Latest updateMay 1

Description

KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a denial of service (application crash) by calling the replaceChild method on a DOM object, which triggers a null dereference, as demonstrated by calling document.replaceChild with a 0 (zero) argument.

CVSS vector

AV:N/AC:H/C:N/I:N/A:PExploitability: 4.9 | Impact: 2.9

Affected Packages1 packages

▶NVDkde/konqueror3.5.1+23

🔴Vulnerability Details

GHSA

GHSA-j3rv-24cr-43x3: KDE Konqueror 3↗2022-05-01

▶

CVEList

CVE-2006-3672: KDE Konqueror 3↗2006-07-18

▶

💥Exploits & PoCs

Exploit-DB

KDE Konqueror 3.5.x - ReplaceChild Denial of Service↗2006-07-14

▶

📋Vendor Advisories

Ubuntu

Konqueror vulnerability↗2006-07-25

▶

Red Hat

CVE-2006-3672: KDE Konqueror 3↗

▶