QwikSec

Security Database

CVE

CWE

Training

CVE-2008-0177

Published: Feb 7, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

The ipcomp6_input function in sys/netinet6/ipcomp_input.c in the KAME project before 20071201 does not properly check the return value of the m_pulldown function, which allows remote attackers to cause a denial of service (system crash) via an IPv6 packet with an IPComp header.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_VUPEN

vdb-entry

x_refsource_VUPEN

http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/ipcomp_input.c?f=u&only_with_tag=netbsd-3-1

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

third-party-advisory

x_refsource_SECUNIA

FreeBSD-SA-08:04

vendor-advisory

x_refsource_FREEBSD

third-party-advisory

x_refsource_CERT

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

APPLE-SA-2008-05-28

vendor-advisory

x_refsource_APPLE

http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ipcomp_input.c.diff?r1=1.36%3Br2=1.37

x_refsource_CONFIRM

APPLE-SA-2008-07-11

vendor-advisory

x_refsource_APPLE

vdb-entry

x_refsource_VUPEN

vdb-entry

x_refsource_VUPEN

vdb-entry

x_refsource_SECTRACK

third-party-advisory

x_refsource_CERT-VN

third-party-advisory

x_refsource_SECUNIA

exploit

x_refsource_EXPLOIT-DB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.