CVE-2009-0778

CWE-772CWE-400Uncontrolled Resource Consumption5 documents5 sources
Severity
7.1HIGH
EPSS
1.5%
top 19.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Linux Linux KernelVmware ESXVmware Server+3 more
Timeline
PublishedMar 12
Latest updateMay 2

Description

The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of an ICMP Host Unreachable message, which allows remote attackers to cause a denial of service (connectivity outage) by sending a large series of packets to many destination IP addresses within this REJECT route, related to an "rt_cache leak."

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9

Affected Packages6 packages

NVDlinux/linux_kernel2.6.24.7+228
NVDvmware/esx4 versions+3
NVDvmware/vma4.0
NVDvmware/server2.0.0

🔴Vulnerability Details

2
GHSA
GHSA-2327-m5w2-rg7f: The icmp_send function in net/ipv4/icmp2022-05-02
CVEList
CVE-2009-0778: The icmp_send function in net/ipv4/icmp2009-03-12

📋Vendor Advisories

1
Red Hat
kernel: rt_cache leak leads to lack of network connectivity2008-03-26

💬Community

1
Bugzilla
CVE-2009-0778 kernel: rt_cache leak leads to lack of network connectivity2009-02-12
CVE-2009-0778 (HIGH CVSS 7.1) | The icmp_send function in net/ipv4/ | cvebase.io