VDB
CVE-2002-2438
CVE-2002-2438
PUBLISHED
CVSS 7.5 HIGH
TCP firewalls could be circumvented by sending a SYN Packets with other flags (like e.g. RST flag) set, which was not correctly discarded by the Linux TCP stack after firewalling.
EPSS 8.19% · 92.4th percentile
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
8.19%
92.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | kernel | before Linux kernel 2.4.20 |
| linux | linux_kernel | 0 |
Timeline
- May 18, 2021 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
References
- [oss-security] 20120530 Re: CVE Request -- kernel: tcp: drop SYN+FIN messages mailing-list
- [oss-security] 20120530 Re: CVE Request -- kernel: tcp: drop SYN+FIN messages mailing-list
- [oss-security] 20120530 Re: CVE Request -- kernel: tcp: drop SYN+FIN messages mailing-list
- [oss-security] 20120530 Re: CVE Request -- kernel: tcp: drop SYN+FIN messages mailing-list
- [oss-security] 20120530 Re: CVE Request -- kernel: tcp: drop SYN+FIN messages mailing-list
- http://www.openwall.com/lists/oss-security/2012/05/31/3 mailing_list
- [oss-security] 20120203 Re: CVE Request (2002): Linux TCP stack could accept invalid TCP flag combinations mailing-list
- [oss-security] 20120529 Re: CVE Request (2002): Linux TCP stack could accept invalid TCP flag combinations mailing-list
- [oss-security] 20140212 Re: Old CVE ids, public, but still "RESERVED" mailing-list
- [oss-security] 20120530 Re: CVE Request -- kernel: tcp: drop SYN+FIN messages mailing-list
- [oss-security] 20120530 CVE Request -- kernel: tcp: drop SYN+FIN messages mailing-list
- VU#464113 third-party-advisory
- https://www.kb.cert.org/vuls/id/464113%2C url
- https://bugzilla.suse.com/show_bug.cgi?id=744994%2C url
- https://www.openwall.com/lists/oss-security/2012/02/03/7 url
- https://security.netapp.com/advisory/ntap-20210727-0003/ url
- https://nvd.nist.gov/vuln/detail/CVE-2002-2438 advisory
- https://bugzilla.suse.com/show_bug.cgi?id=744994, url
- https://security.netapp.com/advisory/ntap-20210727-0003 url
- https://www.kb.cert.org/vuls/id/464113, url