Linux : Security Vulnerabilities, CVEs, Published In May 2015 (Memory corruption)
include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension data, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via outbound network traffic that triggers extension loading, as demonstrated by configuring a PPTP tunnel in a NAT environment.
Max CVSS
4.9
EPSS Score
0.04%
Published
2015-05-27
Updated
2016-12-31
1 vulnerabilities found