CVE-2017-6074 in Communicationsinfo

Summary

The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Reservation

02/17/2017

Disclosure

02/17/2017

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
121575	Oracle Communications Session Border Controller double free	415	Proof-of-Concept	Official fix	CVE-2017-6074
97118	Linux Kernel input.c dccp_rcv_state_process free use after free	416	Proof-of-Concept	Official fix	CVE-2017-6074

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

◂ PreviousOverviewNext ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!