CVE-2017-7482

CWE-190Integer Overflow14 documents9 sources
Severity
7.8HIGH
EPSS
0.2%
top 63.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Linux Linux Kernel[unknown] Kernel:Debian Debian Linux+1 more
Timeline
PublishedJul 30
Latest updateMay 13

Description

In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

NVDlinux/linux_kernel3.33.10.108+7
Debianlinux< 4.11.11-1+3
CVEListV5[unknown]/kernel:4.12

Also affects: Debian Linux 8.0, 9.0

Patches

Patch: seclists.orgPatch: bugzilla.redhat.comPatch: git.kernel.org

🔴Vulnerability Details

4
GHSA
GHSA-2x6j-879g-gpqr: In the Linux kernel before version 42022-05-13
OSV
CVE-2017-7482: In the Linux kernel before version 42018-07-30
CVEList
CVE-2017-7482: In the Linux kernel before version 42018-07-30
Kernel
rxrpc: Fix several cases where a padded len isn't checked in ticket decode2017-06-15

📋Vendor Advisories

7
Ubuntu
Linux kernel (Trusty HWE) vulnerabilities2017-08-07
Ubuntu
Linux kernel vulnerabilities2017-08-07
Ubuntu
Linux kernel (HWE) vulnerabilities2017-08-03
Ubuntu
Linux kernel vulnerabilities2017-08-03
Ubuntu
Linux kernel (Xenial HWE) vulnerabilities2017-08-03

💬Community

2
Bugzilla
CVE-2017-7482 kernel: net/rxrpc: overflow in decoding of krb5 principal [fedora-all]2017-06-26
Bugzilla
CVE-2017-7482 kernel: net/rxrpc: overflow in decoding of krb5 principal2017-04-27