DEBIAN-CVE-2017-9074

DEBIAN-CVE-2017-9074 PUBLISHED CVSS 7.800000190734863 HIGH

The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls.

Risk Scores

CVSS v3.1

7.800000190734863

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Debian:11	linux	0, 0, 0
Debian:12	linux	0, 0, 0
Debian:13	linux	0, 0, 0
Debian:14	linux	0, 0, 0

Timeline

May 19, 2017 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2017-9074 advisory

Open in Interactive Console →