CVE-2017-13715 (Critical) detected in linux179e72b561d3d331c850e1a5779688d7a7de5246

[mend-bolt-for-github[bot]]

CVE-2017-13715 - Critical Severity Vulnerability

Vulnerable Library - linux179e72b561d3d331c850e1a5779688d7a7de5246

Linux kernel stable tree mirror

Library home page: https://github.com/gregkh/linux.git

Found in base branch: master

Vulnerable Source Files (1)

/net/core/flow_dissector.c

Vulnerability Details

The __skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel before 4.3 does not ensure that n_proto, ip_proto, and thoff are initialized, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a single crafted MPLS packet.

Publish Date: 2017-08-29

URL: CVE-2017-13715

CVSS 3 Score Details (9.8)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2017-13715

Release Date: 2017-08-29

Fix Resolution: 4.3

---

Step up your Open Source Security Game with Mend here

[mend-bolt-for-github[bot]]

:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.