CVE-2007-4997 — Vulnetix

Try Vulnetix Request Demo

CVE-2007-4997 PUBLISHED CVSS 7.099999904632568 HIGH

Integer underflow in the ieee80211_rx function in net/ieee80211/ieee80211_rx.c in the Linux kernel 2.6.x before 2.6.23 allows remote attackers to cause a denial of service (crash) via a crafted SKB length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA flag is set, aka an "off-by-two error."

EPSS 5.39% · 90.1th percentile

Risk Scores

CVSS v2.0

7.099999904632568

EPSS Score

5.39%

90.1th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
linux	linux_kernel	0

Timeline

Nov 6, 2007 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 3, 2022 CVE Updated
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score
Aug 31, 2023 EPSS Score

References

http://www.securityfocus.com/bid/26337 technical
28162 third-party-advisory
RHSA-2007:1104 vendor-advisory
28806 third-party-advisory
28706 third-party-advisory
kernel-ieee80211-dos(38247) vdb
MDKSA-2007:226 vendor-advisory
27824 third-party-advisory
MDVSA-2008:008 vendor-advisory
SUSE-SA:2007:059 vendor-advisory
DSA-1428 vendor-advisory
27912 third-party-advisory
28033 third-party-advisory
RHSA-2007:0993 vendor-advisory
oval:org.mitre.oval:def:10596 vdb
USN-558-1 vendor-advisory
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23 url
MDVSA-2008:105 vendor-advisory
SUSE-SA:2007:064 vendor-advisory
SUSE-SA:2008:006 vendor-advisory

…and 12 more

Open in Interactive Console →