cbcvebase.
CVE-2011-2189
published 2011-10-10

CVE-2011-2189: net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes…

PriorityP355high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EXPLOIT
EPSS
17.84%
96.8th percentile
net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service (memory consumption) via requests to a daemon that requires a separate namespace per connection, as demonstrated by vsftpd.

Affected

15 ranges
VendorProductVersion rangeFixed in
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
debiandebian_linux
debiandebian_linux
debiandebian_linux
debianvsftpd< vsftpd 2.3.4-1 (bookworm)vsftpd 2.3.4-1 (bookworm)
linuxlinux_kernel<= 2.6.32
redhatenterprise_linux
redhatenterprise_mrg
vsftpd_projectvsftpd>= 0 < 2.3.4-12.3.4-1
vsftpd_projectvsftpd>= 0 < 2.3.4-12.3.4-1
vsftpd_projectvsftpd>= 0 < 2.3.4-12.3.4-1
vsftpd_projectvsftpd>= 0 < 2.3.4-12.3.4-1

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.07.8HIGHAV:N/AC:L/Au:N/C:N/I:N/A:C
osv7.5HIGH
vendor_debian7.5HIGH
vendor_redhat7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.