| Vulnerability Name: | CVE-2010-0751 (CCN-57428) | ||||||||||||||||||||||||||||||||||||||||
| Assigned: | 2010-03-14 | ||||||||||||||||||||||||||||||||||||||||
| Published: | 2010-03-14 | ||||||||||||||||||||||||||||||||||||||||
| Updated: | 2020-08-05 | ||||||||||||||||||||||||||||||||||||||||
| Summary: | The ip_evictor function in ip_fragment.c in libnids before 1.24, as used in dsniff and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via crafted fragmented packets. | ||||||||||||||||||||||||||||||||||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
| ||||||||||||||||||||||||||||||||||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P) 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
| ||||||||||||||||||||||||||||||||||||||||
| Vulnerability Type: | CWE-476 | ||||||||||||||||||||||||||||||||||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||||||||||||||||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2010-0751 Source: CCN Type: libnids Release Notes fixed another remotely triggerable NULL dereference in ip_fragment.c Source: CONFIRM Type: Product, Third Party Advisory http://freefr.dl.sourceforge.net/project/libnids/libnids/1.24/libnids-1.24.releasenotes.txt Source: CCN Type: linnids Web site libnids Source: FEDORA Type: Third Party Advisory FEDORA-2010-5535 Source: FEDORA Type: Third Party Advisory FEDORA-2010-5545 Source: FEDORA Type: Third Party Advisory FEDORA-2010-5562 Source: CCN Type: SA39225 Libnids NULL Pointer Dereference Denial of Service Source: SECUNIA Type: Third Party Advisory 39225 Source: SECUNIA Type: Third Party Advisory 39249 Source: CCN Type: OSVDB ID: 63427 Libnids src/ip_fragment.c ip_evictor Function Crafted Packet NULL Dereference Remote DoS Source: BID Type: Third Party Advisory, VDB Entry 39142 Source: CCN Type: BID-39142 Libnids 'ip_fragment.c' Null Pointer Deference Remote Denial of Service Vulnerability Source: VUPEN Type: Third Party Advisory ADV-2010-0777 Source: VUPEN Type: Third Party Advisory ADV-2010-0791 Source: MISC Type: Exploit, Third Party Advisory http://xorl.wordpress.com/2010/04/04/libnids-ip-fragmentation-remote-null-pointer-dereference/ Source: XF Type: Third Party Advisory, VDB Entry libnids-ipfragment-dos(57428) Source: XF Type: UNKNOWN libnids-ipfragment-dos(57428) | ||||||||||||||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2:  Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||||||||||||||||||