CVE-2007-6282 — Redhat Enterprise Linux vulnerability

CWE-165 documents5 sources

Severity

7.1HIGHNVD

EPSS

2.4%

top 14.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Enterprise Linux Redhat Enterprise Linux Desktop

Timeline

PublishedMay 8

Latest updateMay 1

Description

The IPsec implementation in Linux kernel before 2.6.25 allows remote routers to cause a denial of service (crash) via a fragmented ESP packet in which the first fragment does not contain the entire ESP header and IV.

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9

Affected Packages1 packages

▶NVDredhat/enterprise_linux_desktop4

Also affects: Enterprise Linux as_4, es_4, ws_4

🔴Vulnerability Details

GHSA

GHSA-q9hv-wmpx-m7g2: The IPsec implementation in Linux kernel before 2↗2022-05-01

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerabilities↗2008-07-15

▶

Red Hat

IPSec ESP kernel panics↗2008-02-22

▶

💬Community

Bugzilla

CVE-2007-6282 IPSec ESP kernel panics↗2007-11-29

▶