CVE-2008-2358 — Vulnetix

Try Vulnetix Request Demo

CVE-2008-2358 PUBLISHED CVSS 7.199999809265137 HIGH

Integer overflow in the dccp_feat_change function in net/dccp/feat.c in the Datagram Congestion Control Protocol (DCCP) subsystem in the Linux kernel 2.6.18, and 2.6.17 through 2.6.20, allows local users to gain privileges via an invalid feature length, which leads to a heap-based buffer overflow.

EPSS 0.07% · 20.2th percentile

Risk Scores

CVSS v2.0

7.199999809265137

EPSS Score

0.07%

20.2th percentile

Affected Products

Vendor	Product	Versions
linux	linux_kernel	2.6.17, 2.6.18, 2.6.19
n/a	n/a	n/a

Timeline

Jun 10, 2008 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score

References

30000 third-party-advisory
29603 vdb
https://bugzilla.redhat.com/show_bug.cgi?id=447389 url
RHSA-2008:0519 vendor-advisory
MDVSA-2008:167 vendor-advisory
30849 third-party-advisory
oval:org.mitre.oval:def:9644 vdb
MDVSA-2008:112 vendor-advisory
30920 third-party-advisory
1020211 vdb
31107 third-party-advisory
FEDORA-2008-5893 vendor-advisory
USN-625-1 vendor-advisory
DSA-1592 vendor-advisory
SUSE-SA:2008:030 vendor-advisory
30818 third-party-advisory
linux-kernel-dccpfeatchange-bo(43034) vdb
https://nvd.nist.gov/vuln/detail/CVE-2008-2358 advisory

Open in Interactive Console →