Published: 20/11/2013 Updated: 19/05/2023

CVSS v2 Base Score: 7.1 | Impact Score: 6.9 | Exploitability Score: 8.6

VMScore: 633

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

The udp6_ufo_fragment function in net/ipv6/udp_offload.c in the Linux kernel up to and including 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly perform a certain size comparison before inserting a fragment header, which allows remote malicious users to cause a denial of service (panic) via a large IPv6 UDP packet, as demonstrated by use of the Token Bucket Filter (TBF) queueing discipline.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel
canonical ubuntu linux 13.10
canonical ubuntu linux 12.04

Several security issues were fixed in the kernel ...

CWE-189 http://www.openwall.com/lists/oss-security/2013/11/13/9 https://github.com/torvalds/linux/commit/0e033e04c2678dbbe74a46b23fffb7bb918c288e https://bugzilla.redhat.com/show_bug.cgi?id=1030015 http://www.ubuntu.com/usn/USN-2113-1 http://www.ubuntu.com/usn/USN-2117-1 http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00003.html http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0e033e04c2678dbbe74a46b23fffb7bb918c288e https://nvd.nist.gov https://usn.ubuntu.com/2117-1/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2013-4563

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect