Closed mend-for-github-com[bot] closed 1 year ago
:information_source: This issue was automatically closed by Mend because it is a duplicate of an existing issue: #39
Vulnerable Library - linuxlinux-2.6.39.2
Apache Software Foundation (ASF)
Library home page: https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/?wsslib=linux
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Vulnerable Source Files (3)
/release/src-rt-7.14.114.x/src/linux/linux-2.6.36/fs/readdir.c /release/src-rt-7.14.114.x/src/linux/linux-2.6.36/fs/readdir.c /release/src-rt-7.14.114.x/src/linux/linux-2.6.36/fs/readdir.c
Vulnerabilities
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9aacdd354d197ad64685941b36d28ea20ab88757 | ❌ |
| CVE-2021-45868 | Medium | 5.5 | linuxlinux-2.6.39.2 | Direct | v4.4.293,v4.9.291,v4.14.256,v4.19.218,v5.4.160,v5.10.80,v5.14.19,v5.15.3,v5.16-rc1 | ❌ |
| CVE-2020-8992 | Medium | 5.5 | linuxlinux-2.6.39.2 | Direct | v5.6-rc2,v5.4.21,v5.5.5 | ❌ |
| CVE-2017-18232 | Medium | 5.5 | linuxlinux-2.6.39.2 | Direct | v4.16-rc1,v4.14.192 | ❌ |
| CVE-2014-7975 | Medium | 5.5 | linuxlinux-2.6.39.2 | Direct | kernel-rt-trace-devel - 3.10.0-693.rt56.617;kernel-rt-debug-kvm - 3.10.0-693.rt56.617;kernel-bootwrapper - 3.10.0-693,3.10.0-693;perf - 3.10.0-693,3.10.0-693,3.10.0-693;kernel-debuginfo - 3.10.0-693;kernel-debug-devel - 3.10.0-693,3.10.0-693,3.10.0-693;kernel-tools-libs - 3.10.0-693,3.10.0-693,3.10.0-693;perf-debuginfo - 3.10.0-693;kernel-debug-debuginfo - 3.10.0-693;kernel-debug - 3.10.0-693,3.10.0-693,3.10.0-693;kernel-devel - 3.10.0-693,3.10.0-693,3.10.0-693;kernel - 3.10.0-693,3.10.0-693,3.10.0-693,3.10.0-693;kernel-rt-debug-devel - 3.10.0-693.rt56.617;python-perf - 3.10.0-693,3.10.0-693,3.10.0-693;kernel-rt-debug - 3.10.0-693.rt56.617;kernel-rt-devel - 3.10.0-693.rt56.617;kernel-tools - 3.10.0-693,3.10.0-693,3.10.0-693;kernel-rt-trace-kvm - 3.10.0-693.rt56.617;kernel-tools-libs-devel - 3.10.0-693,3.10.0-693,3.10.0-693;kernel-tools-debuginfo - 3.10.0-693;kernel-rt-doc - 3.10.0-693.rt56.617;kernel-rt-kvm - 3.10.0-693.rt56.617;python-perf-debuginfo - 3.10.0-693;kernel-headers - 3.10.0-693,3.10.0-693,3.10.0-693;kernel-rt-trace - 3.10.0-693.rt56.617;kernel-debuginfo-common-x86_64 - 3.10.0-693;kernel-rt - 3.10.0-693.rt56.617,3.10.0-693.rt56.617;kernel-doc - 3.10.0-693;kernel-abi-whitelists - 3.10.0-693 | ❌ |
| CVE-2017-15116 | Medium | 5.5 | detected in multiple dependencies | Direct | 4.2 | ❌ |
| CVE-2011-2898 | Medium | 5.5 | linuxlinux-2.6.39.2 | Direct | 2.6.39.3 | ❌ |
| CVE-2017-18221 | Medium | 5.5 | linuxlinux-2.6.39.2 | Direct | 4.11.4 | ❌ |
| CVE-2018-1095 | Medium | 5.5 | linuxlinux-2.6.39.2 | Direct | v4.17-rc1 | ❌ |
| CVE-2018-1093 | Medium | 5.5 | linuxlinux-2.6.39.2 | Direct | v4.17-rc1 | ❌ |
| CVE-2011-3637 | Medium | 5.5 | linuxlinux-2.6.39.2 | Direct | 2.6.39 | ❌ |
| CVE-2019-20054 | Medium | 5.5 | linuxlinux-2.6.39.2 | Direct | v5.1-rc3 | ❌ |
| CVE-2016-4581 | Medium | 5.5 | linuxlinux-2.6.39.2 | Direct | 4.5.4 | ❌ |
| CVE-2016-0821 | Medium | 5.5 | linuxlinux-2.6.39.2 | Direct | 4.3 | ❌ |
| CVE-2017-18208 | Medium | 5.5 | linuxlinux-2.6.39.2 | Direct | v4.15-rc2,v3.16.57,v3.18.86,v3.2.102,v4.1.48,v4.14.4,v4.4.104,v4.9.67 | ❌ |
| CVE-2013-7446 | Medium | 5.3 | linuxlinux-2.6.39.2 | Direct | 4.3.3 | ❌ |
| CVE-2012-2373 | Medium | 5.1 | linuxlinux-2.6.39.2 | Direct | 3.4.5 | ❌ |
| CVE-2012-2133 | Medium | 5.1 | linuxlinux-2.6.39.2 | Direct | 3.3.6 | ❌ |
| CVE-2012-4565 | Medium | 5.1 | linuxlinux-2.6.39.2 | Direct | v3.7-rc1 | ❌ |
| CVE-2011-2183 | Medium | 5.1 | linuxlinux-2.6.39.2 | Direct | 2.6.39.3 | ❌ |
| CVE-2013-1957 | Medium | 5.1 | detected in multiple dependencies | Direct | v3.9-rc5 | ❌ |
| CVE-2014-3940 | Medium | 5.1 | linuxlinux-2.6.39.2 | Direct | v3.15 | ❌ |
| CVE-2011-1479 | Medium | 5.1 | linuxlinux-2.6.39.2 | Direct | 2.6.39 | ❌ |
| CVE-2015-8839 | Medium | 5.1 | linuxlinux-2.6.39.2 | Direct | 4.5 | ❌ |
| CVE-2013-1772 | Medium | 5.1 | linuxlinux-2.6.39.2 | Direct | 3.4.33 | ❌ |
| CVE-2012-1179 | Medium | 4.8 | detected in multiple dependencies | Direct | 3.3.1 | ❌ |
| CVE-2013-4345 | Medium | 4.8 | linuxlinux-2.6.39.2 | Direct | v3.13-rc2 | ❌ |
| CVE-2020-29372 | Medium | 4.7 | linuxlinux-2.6.39.2 | Direct | v5.7-rc3,v5.6.8 | ❌ |
| CVE-2022-39188 | Medium | 4.7 | linuxlinux-2.6.39.2 | Direct | v5.19 | ❌ |
| CVE-2016-6213 | Medium | 4.7 | detected in multiple dependencies | Direct | 4.9 | ❌ |
| CVE-2020-12114 | Medium | 4.7 | linuxlinux-2.6.39.2 | Direct | v5.3-rc1 | ❌ |
| CVE-2019-15292 | Medium | 4.7 | linuxlinux-2.6.39.2 | Direct | v5.1-rc1 | ❌ |
| CVE-2019-3016 | Medium | 4.7 | linuxlinux-2.6.39.2 | Direct | v5.6-rc1 | ❌ |
| CVE-2023-1582 | Medium | 4.7 | linuxlinux-2.6.39.2 | Direct | v5.10.102,v5.15.25,v5.16.10 | ❌ |
| CVE-2014-8086 | Medium | 4.7 | linuxlinux-2.6.39.2 | Direct | python-perf-debuginfo - 3.10.0-229;kernel-headers - 3.10.0-229,3.10.0-229;kernel-debuginfo-common-x86_64 - 3.10.0-229;kernel-doc - 3.10.0-229;kernel-abi-whitelists - 3.10.0-229;kernel-bootwrapper - 3.10.0-229;perf - 3.10.0-229,3.10.0-229;kernel-debuginfo - 3.10.0-229;kernel-debug-devel - 3.10.0-229,3.10.0-229;kernel-tools-libs - 3.10.0-229,3.10.0-229;perf-debuginfo - 3.10.0-229;kernel-debug-debuginfo - 3.10.0-229;kernel-debug - 3.10.0-229,3.10.0-229;kernel-devel - 3.10.0-229,3.10.0-229;kernel - 3.10.0-229,3.10.0-229,3.10.0-229;python-perf - 3.10.0-229,3.10.0-229;kernel-tools - 3.10.0-229,3.10.0-229;kernel-tools-libs-devel - 3.10.0-229,3.10.0-229;kernel-tools-debuginfo - 3.10.0-229 | ❌ |
| CVE-2016-7097 | Medium | 4.4 | detected in multiple dependencies | Direct | v4.9-rc1 | ❌ |
| CVE-2013-2929 | Medium | 4.0 | linuxlinux-2.6.39.2 | Direct | 3.12.2 | ❌ |
| CVE-2013-2148 | Medium | 4.0 | linuxlinux-2.6.39.2 | Direct | v3.11-rc1 | ❌ |
| CVE-2013-2546 | Medium | 4.0 | detected in multiple dependencies | Direct | v3.9-rc1 | ❌ |
| CVE-2013-2548 | Medium | 4.0 | detected in multiple dependencies | Direct | v3.9-rc1 | ❌ |
| CVE-2013-2547 | Medium | 4.0 | detected in multiple dependencies | Direct | v3.9-rc1 | ❌ |
| CVE-2017-5967 | Medium | 4.0 | detected in multiple dependencies | Direct | v4.11-rc1 | ❌ |
| CVE-2013-1956 | Medium | 4.0 | detected in multiple dependencies | Direct | v3.9-rc5 | ❌ |
| CVE-2014-9644 | Medium | 4.0 | detected in multiple dependencies | Direct | 3.18.5 | ❌ |
| CVE-2012-4530 | Medium | 4.0 | detected in multiple dependencies | Direct | 3.7.2 | ❌ |
| CVE-2014-9731 | Medium | 4.0 | detected in multiple dependencies | Direct | 3.18.2 | ❌ |
| CVE-2016-0823 | Medium | 4.0 | linuxlinux-2.6.39.2 | Direct | 3.19.3 | ❌ |
| CVE-2020-16166 | Low | 3.7 | linuxlinux-2.6.39.2 | Direct | kernel-debug-modules-extra - 4.18.0-193.37.1;perf - 4.18.0-193.37.1,4.18.0-147.38.1;kernel-zfcpdump-modules-extra - 4.18.0-193.37.1;kernel-debug-devel - 4.18.0-193.37.1,4.18.0-240.8.1,4.18.0-147.38.1,4.18.0-147.38.1,4.18.0-240.8.1,4.18.0-240.8.1,4.18.0-147.38.1,4.18.0-193.37.1,4.18.0-147.38.1,4.18.0-193.37.1,4.18.0-193.37.1,4.18.0-240.8.1;bpftool - 4.18.0-240.8.1,4.18.0-240.8.1,4.18.0-193.37.1,4.18.0-193.37.1,4.18.0-147.38.1,4.18.0-147.38.1,4.18.0-240.8.1,4.18.0-147.38.1,4.18.0-193.37.1,4.18.0-193.37.1,4.18.0-147.38.1,4.18.0-240.8.1;kernel-rt-debug-core - 4.18.0-240.8.1.rt7.62,4.18.0-193.37.1.rt13.87;kernel-tools-libs - 4.18.0-147.38.1,4.18.0-240.8.1,4.18.0-193.37.1,4.18.0-240.8.1,4.18.0-147.38.1,4.18.0-193.37.1,4.18.0-147.38.1,4.18.0-193.37.1,4.18.0-240.8.1;perf-debuginfo - 4.18.0-240.8.1,4.18.0-147.38.1,4.18.0-193.37.1;kernel-cross-headers - 4.18.0-193.37.1,4.18.0-240.8.1,4.18.0-147.38.1,4.18.0-147.38.1,4.18.0-193.37.1,4.18.0-193.37.1,4.18.0-240.8.1,4.18.0-147.38.1,4.18.0-193.37.1,4.18.0-147.38.1,4.18.0-240.8.1,4.18.0-240.8.1;kernel-debug-debuginfo - 4.18.0-193.37.1,4.18.0-240.8.1,4.18.0-147.38.1;kernel-debug - 4.18.0-147.38.1,4.18.0-193.37.1,4.18.0-147.38.1,4.18.0-147.38.1,4.18.0-240.8.1,4.18.0-240.8.1,4.18.0-193.37.1,4.18.0-147.38.1,4.18.0-240.8.1,4.18.0-193.37.1,4.18.0-193.37.1,4.18.0-240.8.1;kernel-devel - 4.18.0-193.37.1,4.18.0-240.8.1,4.18.0-240.8.1,4.18.0-147.38.1,4.18.0-193.37.1,4.18.0-240.8.1,4.18.0-147.38.1,4.18.0-147.38.1,4.18.0-193.37.1,4.18.0-193.37.1,4.18.0-147.38.1,4.18.0-240.8.1;kernel - 4.18.0-240.8.1,4.18.0-147.38.1,4.18.0-193.37.1,4.18.0-240.8.1,4.18.0-193.37.1,4.18.0-240.8.1,4.18.0-147.38.1,4.18.0-193.37.1,4.18.0-193.37.1,4.18.0-147.38.1,4.18.0-147.38.1,4.18.0-240.8.1,4.18.0-147.38.1,4.18.0-240.8.1,4.18.0-193.37.1;bpftool-debuginfo - 4.18.0-240.8.1,4.18.0-147.38.1,4.18.0-193.37.1;kernel-zfcpdump-core - 4.18.0-147.38.1,4.18.0-193.37.1,4.18.0-240.8.1;kernel-debug-core - 4.18.0-240.8.1,4.18.0-147.38.1,4.18.0-193.37.1,4.18.0-240.8.1,4.18.0-193.37.1,4.18.0-193.37.1,4.18.0-147.38.1,4.18.0-193.37.1,4.18.0-240.8.1,4.18.0-147.38.1,4.18.0-240.8.1,4.18.0-147.38.1;kernel-modules-extra - 4.18.0-193.37.1,4.18.0-147.38.1,4.18.0-147.38.1,4.18.0-240.8.1,4.18.0-193.37.1,4.18.0-240.8.1,4.18.0-147.38.1,4.18.0-240.8.1,4.18.0-193.37.1,4.18.0-147.38.1,4.18.0-193.37.1,4.18.0-240.8.1;kernel-rt-debug-devel - 4.18.0-193.37.1.rt13.87,4.18.0-240.8.1.rt7.62;kernel-core - 4.18.0-147.38.1,4.18.0-147.38.1,4.18.0-147.38.1,4.18.0-240.8.1,4.18.0-193.37.1,4.18.0-193.37.1,4.18.0-240.8.1,4.18.0-147.38.1,4.18.0-193.37.1,4.18.0-193.37.1,4.18.0-240.8.1,4.18.0-240.8.1;kernel-rt-debug - 4.18.0-193.37.1.rt13.87,4.18.0-240.8.1.rt7.62;kernel-rt-devel - 4.18.0-240.8.1.rt7.62,4.18.0-193.37.1.rt13.87;python3-perf - 4.18.0-147.38.1,4.18.0-240.8.1,4.18.0-193.37.1,4.18.0-147.38.1,4.18.0-240.8.1,4.18.0-193.37.1,4.18.0-193.37.1,4.18.0-147.38.1,4.18.0-147.38.1,4.18.0-240.8.1,4.18.0-193.37.1,4.18.0-240.8.1;kernel-tools - 4.18.0-193.37.1,4.18.0-240.8.1,4.18.0-240.8.1,4.18.0-147.38.1,4.18.0-147.38.1,4.18.0-240.8.1,4.18.0-193.37.1,4.18.0-193.37.1,4.18.0-147.38.1;kernel-debug-modules - 4.18.0-193.37.1,4.18.0-240.8.1,4.18.0-193.37.1,4.18.0-193.37.1,4.18.0-147.38.1,4.18.0-147.38.1,4.18.0-240.8.1,4.18.0-193.37.1,4.18.0-240.8.1,4.18.0-240.8.1,4.18.0-147.38.1,4.18.0-147.38.1;kernel-rt-debuginfo-common-x86_64 - 4.18.0-240.8.1.rt7.62,4.18.0-193.37.1.rt13.87;kernel-modules - 4.18.0-240.8.1,4.18.0-240.8.1,4.18.0-147.38.1,4.18.0-193.37.1,4.18.0-147.38.1,4.18.0-240.8.1,4.18.0-193.37.1,4.18.0-193.37.1,4.18.0-147.38.1,4.18.0-240.8.1,4.18.0-147.38.1,4.18.0-193.37.1;kernel-tools-debuginfo - 4.18.0-193.37.1,4.18.0-147.38.1,4.18.0-240.8.1;kernel-rt-modules - 4.18.0-240.8.1.rt7.62,4.18.0-193.37.1.rt13.87;kernel-rt-kvm - 4.18.0-193.37.1.rt13.87,4.18.0-240.8.1.rt7.62;kernel-headers - 4.18.0-193.37.1,4.18.0-193.37.1,4.18.0-240.8.1,4.18.0-147.38.1,4.18.0-240.8.1,4.18.0-240.8.1,4.18.0-193.37.1,4.18.0-240.8.1,4.18.0-147.38.1,4.18.0-147.38.1,4.18.0-193.37.1,4.18.0-147.38.1;kernel-debuginfo-common-x86_64 - 4.18.0-240.8.1,4.18.0-193.37.1,4.18.0-147.38.1;kernel-rt - 4.18.0-193.37.1.rt13.87,4.18.0-193.37.1.rt13.87,4.18.0-240.8.1.rt7.62,4.18.0-240.8.1.rt7.62;kernel-zfcpdump - 4.18.0-147.38.1,4.18.0-193.37.1,4.18.0-240.8.1;kernel-rt-debug-modules-extra - 4.18.0-240.8.1.rt7.62,4.18.0-193.37.1.rt13.87;python3-perf-debuginfo - 4.18.0-147.38.1,4.18.0-240.8.1,4.18.0-193.37.1;kernel-rt-modules-extra - 4.18.0-240.8.1.rt7.62,4.18.0-193.37.1.rt13.87;kernel-doc - 4.18.0-193.37.1,4.18.0-147.38.1,4.18.0-240.8.1;kernel-rt-core - 4.18.0-240.8.1.rt7.62,4.18.0-193.37.1.rt13.87;kernel-rt-debug-debuginfo - 4.18.0-193.37.1.rt13.87,4.18.0-240.8.1.rt7.62;kernel-abi-whitelists - 4.18.0-240.8.1,4.18.0-193.37.1,4.18.0-147.38.1;kernel-zfcpdump-modules - 4.18.0-193.37.1,4.18.0-147.38.1,4.18.0-240.8.1;kernel-debug-modules-extra - 4.18.0-240.8.1,4.18.0-147.38.1,4.18.0-147.38.1,4.18.0-193.37.1,4.18.0-193.37.1,4.18.0-147.38.1,4.18.0-147.38.1,4.18.0-193.37.1,4.18.0-240.8.1,4.18.0-240.8.1,4.18.0-240.8.1;kernel-rt-debug-kvm - 4.18.0-240.8.1.rt7.62,4.18.0-193.37.1.rt13.87;kernel-rt-debuginfo - 4.18.0-193.37.1.rt13.87,4.18.0-240.8.1.rt7.62;kernel-rt-debug-modules - 4.18.0-193.37.1.rt13.87,4.18.0-240.8.1.rt7.62;kernel-zfcpdump-devel - 4.18.0-147.38.1,4.18.0-193.37.1,4.18.0-240.8.1;perf - 4.18.0-240.8.1,4.18.0-147.38.1,4.18.0-193.37.1,4.18.0-193.37.1,4.18.0-147.38.1,4.18.0-240.8.1,4.18.0-147.38.1,4.18.0-193.37.1,4.18.0-240.8.1,4.18.0-240.8.1;kernel-zfcpdump-modules-extra - 4.18.0-147.38.1,4.18.0-240.8.1;kernel-debuginfo - 4.18.0-193.37.1,4.18.0-147.38.1,4.18.0-240.8.1 | ❌ |
| CVE-2015-8952 | Low | 3.3 | linuxlinux-2.6.39.2 | Direct | 4.6 | ❌ |
| CVE-2011-4098 | Low | 2.9 | detected in multiple dependencies | Direct | 3.2 | ❌ |
| CVE-2012-3520 | Low | 2.9 | linuxlinux-2.6.39.2 | Direct | 3.2.30 | ❌ |
| CVE-2010-4075 | Low | 2.9 | linuxlinux-2.6.39.2 | Direct | 2.6.37-rc1 | ❌ |
| CVE-2010-4074 | Low | 2.9 | linuxlinux-2.6.39.2 | Direct | 2.6.36-rc5 | ❌ |
| CVE-2010-4077 | Low | 2.9 | linuxlinux-2.6.39.2 | Direct | v2.6.37-rc1 | ❌ |
| CVE-2010-4076 | Low | 2.9 | linuxlinux-2.6.39.2 | Direct | v2.6.37-rc1 | ❌ |
| CVE-2012-6536 | Low | 2.5 | linuxlinux-2.6.39.2 | Direct | v3.6-rc7,v3.2.31 | ❌ |
Details
CVE-2017-7895
### Vulnerable Library - linuxlinux-2.6.39.2
Apache Software Foundation (ASF)
Library home page: https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/?wsslib=linux
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (1)
The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.
Publish Date: 2017-04-28
URL: CVE-2017-7895
### CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High
### Suggested Fix
Type: Upgrade version
Origin: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7895
Release Date: 2017-04-28
Fix Resolution: v4.11