Vulnerability Details : CVE-2009-0282
Integer overflow in Ralink Technology USB wireless adapter (RT73) 3.08 for Windows, and other wireless card drivers including rt2400, rt2500, rt2570, and rt61, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Probe Request packet with a long SSID, possibly related to an integer signedness error.
Vulnerability category: Overflow, Execute code, Denial of service
Products affected by CVE-2009-0282
- cpe:2.3:h:ralinktech:rt73:3.08:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-0282
- 14.21%: Probability of exploitation activity in the next 30 days
- ~ 94%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-0282
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
CWE ids for CVE-2009-0282
-
Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2009-0282
- Red Hat 2009-02-02: Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, and Red Hat Enterprise MRG.
References for CVE-2009-0282
- http://secunia.com/advisories/35743
  Vendor Advisory
- http://www.debian.org/security/2009/dsa-1713
  [SECURITY] [DSA 1713-1] New rt2500 packages fix arbitrary code execution
- http://www.securityfocus.com/bid/33340
- http://secunia.com/advisories/33592
  Vendor Advisory
- http://www.securityfocus.com/archive/1/500168/100/0/threaded
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512995
- http://www.debian.org/security/2009/dsa-1714
  [SECURITY] [DSA 1714-1] New rt2570 packages fix arbitrary code execution
- http://security.gentoo.org/glsa/glsa-200907-08.xml
- http://secunia.com/advisories/33699
  Vendor Advisory
- http://www.debian.org/security/2009/dsa-1712
  [SECURITY] [DSA 1712-1] New rt2400 packages fix arbitrary code execution