Vulnerability Details: CVE-2007-6562
Multiple stack-based buffer overflows in the use of FD_SET in TCPreen before 1.4.4 allow remote attackers to cause a denial of service via multiple concurrent connections, which result in overflows in the (1) SocketAddress::Connect function in libsolve/sockprot.cpp and (2) monitor_bridge function in src/bridge.cpp.
Vulnerability category: Overflow, Denial of service
Products affected by CVE-2007-6562
- cpe:2.3:a:tcpreen:tcpreen:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-6562
- EPSS score: 3.68% (probability of exploitation activity in the next 30 days)
- Percentile: ~92% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2007-6562
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2007-6562
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-6562
- http://www.debian.org/security/2008/dsa-1443
  [SECURITY] [DSA 1443-1] New tcpreen packages fix denial of service
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39241
  TCPreen FD_SET() buffer overflow CVE-2007-6562 Vulnerability Report
- http://anonsvn.remlab.net/svn/tcpreen/tags/1.4.4/NEWS
- http://www.securityfocus.com/bid/27018
  Patch
- http://www.vupen.com/english/advisories/2007/4318
  Site under construction