Vulnerability Name: CVE-2013-7470 (CCN-169546)

Assigned: 2013-10-17
Published: 2013-10-17
Updated: 2021-11-17
Summary: cipso_v4_validate in include/net/cipso_ipv4.h in the Linux kernel before 3.11.7, when CONFIG_NETLABEL is disabled, allows attackers to cause a denial of service (infinite loop and crash), as demonstrated by icmpsic, a different vulnerability than CVE-2013-0310.
CVSS v3 Severity: 5.9 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.3 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High
CVSS v2 Severity: 7.1 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
Vulnerability Type: CWE-400
Vulnerability Consequences: Denial of Service
References:

Source: MITRE
Type: CNA
CVE-2013-7470

Source: MISC
Type: Vendor Advisory
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.11.7

Source: XF
Type: UNKNOWN
linux-kernel-cve20137470-dos(169546)

Source: MISC
Type: Patch, Vendor Advisory
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f2e5ddcc0d12f9c4c7b254358ad245c9dddce13b

Source: CCN
Type: Linux Kernel GIT Repository
net: fix cipso packet validation when !NETLABEL

Source: MISC
Type: Third Party Advisory, Patch
https://github.com/torvalds/linux/commit/f2e5ddcc0d12f9c4c7b254358ad245c9dddce13b

Source: CONFIRM
Type: UNKNOWN
https://support.f5.com/csp/article/K21914362

Source: MISC
Type: UNKNOWN
https://www.arista.com/en/support/advisories-notices/security-advisories/7098-security-advisory-40

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2013-7470

Vulnerable Configuration:

Configuration 1:
  • cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:* (Version < 3.11.7)

Configuration CCN 1:
  • cpe:/o:linux:linux_kernel:3.11.4:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:3.11.3:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:3.11.2:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:3.11:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:3.11.1:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:3.11.5:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:3.11.6:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:

| Definition ID | Class | Title | Last Modified |
|---|---|---|---|
| oval:com.ubuntu.disco:def:201374700000000 | V | CVE-2013-7470 on Ubuntu 19.04 (disco) - medium. | 2019-04-23 |
| oval:com.ubuntu.bionic:def:201374700000000 | V | CVE-2013-7470 on Ubuntu 18.04 LTS (bionic) - medium. | 2019-04-23 |
| oval:com.ubuntu.xenial:def:201374700000000 | V | CVE-2013-7470 on Ubuntu 16.04 LTS (xenial) - medium. | 2019-04-23 |
| oval:com.ubuntu.cosmic:def:20137470000 | V | CVE-2013-7470 on Ubuntu 18.10 (cosmic) - medium. | 2019-04-22 |
| oval:com.ubuntu.cosmic:def:201374700000000 | V | CVE-2013-7470 on Ubuntu 18.10 (cosmic) - medium. | 2019-04-22 |
| oval:com.ubuntu.bionic:def:20137470000 | V | CVE-2013-7470 on Ubuntu 18.04 LTS (bionic) - medium. | 2019-04-22 |
| oval:com.ubuntu.xenial:def:20137470000 | V | CVE-2013-7470 on Ubuntu 16.04 LTS (xenial) - medium. | 2019-04-22 |
| oval:com.ubuntu.trusty:def:20137470000 | V | CVE-2013-7470 on Ubuntu 14.04 LTS (trusty) - medium. | 2019-04-22 |