Buffer Overflow and Denial of Service Vulnerability in Linux Kernel
CVE-2008-1673

Currently unrated

Key Information:

Vendor: Linux
CVE Published: 10 June 2008

Summary

Linux kernel versions prior to 2.4.36.6 (2.4 series) and 2.6.25.5 (2.6 series) contain a flaw in the ASN.1 implementation: it does not adequately validate length values while decoding ASN.1 BER data. An attacker can exploit this by supplying malformed data, resulting in a denial of service through crashes or potentially in arbitrary code execution. The vulnerability stems from errors such as accepting a length greater than the buffer size, an object identifier length of zero that leads to an off-by-one error, or the handling of indefinite lengths in primitive encodings.
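
The three length checks named in the summary, as an added example in C (not the kernel's code or its patch): a minimal BER tag/length reader that rejects each malformed case before the value bytes are touched. All names and the sample byte strings are constructed for illustration; multi-byte tag numbers are out of scope and are refused.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Added example; every name here is hypothetical, not a kernel identifier. */
enum ber_err { BER_OK, BER_TRUNCATED, BER_UNSUPPORTED, BER_INDEF_PRIMITIVE,
               BER_LEN_TOO_BIG, BER_EMPTY_OID };
struct ber_tlv { uint8_t tag; int indefinite; const uint8_t *val; size_t len; };

/* Parse one tag/length header from buf[0..n) and validate the declared
 * length against the bytes actually present before exposing the value. */
enum ber_err ber_read_tlv(const uint8_t *buf, size_t n, struct ber_tlv *out)
{
    size_t pos = 0, len = 0;
    if (n < 2) return BER_TRUNCATED;
    out->tag = buf[pos++];
    if ((out->tag & 0x1f) == 0x1f) return BER_UNSUPPORTED; /* multi-byte tag */
    uint8_t first = buf[pos++];
    out->indefinite = (first == 0x80);
    if (out->indefinite) {
        /* Indefinite length is only legal on constructed encodings. */
        if (!(out->tag & 0x20)) return BER_INDEF_PRIMITIVE;
        len = n - pos;             /* caller must find the end-of-contents */
    } else if (first & 0x80) {     /* long form: cnt length bytes follow */
        size_t cnt = first & 0x7f;
        if (cnt > sizeof(size_t)) return BER_LEN_TOO_BIG; /* overflows len */
        if (cnt > n - pos) return BER_TRUNCATED;
        while (cnt--) len = (len << 8) | buf[pos++];
    } else {
        len = first;               /* short form */
    }
    if (len > n - pos) return BER_LEN_TOO_BIG;  /* length exceeds buffer */
    if (out->tag == 0x06 && len == 0) return BER_EMPTY_OID; /* OID needs >= 1 byte */
    out->val = buf + pos;
    out->len = len;
    return BER_OK;
}

/* Constructed sample inputs: one valid, one per malformed case. */
static const uint8_t ok_str[]     = { 0x04, 0x03, 'a', 'b', 'c' };
static const uint8_t too_long[]   = { 0x04, 0x05, 'a' };
static const uint8_t empty_oid[]  = { 0x06, 0x00 };
static const uint8_t indef_prim[] = { 0x04, 0x80, 0x00, 0x00 };
int main(void)
{
    struct ber_tlv t;
    printf("%d %d\n", ber_read_tlv(ok_str, sizeof ok_str, &t),
           ber_read_tlv(too_long, sizeof too_long, &t));
    printf("%d %d\n", ber_read_tlv(empty_oid, sizeof empty_oid, &t),
           ber_read_tlv(indef_prim, sizeof indef_prim, &t));
    return 0;
}
```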

EPSS Score

18% chance of being exploited in the next 30 days.
