CVE-2004-0816

moderate-risk

Published 2004-12-23

Integer underflow in the firewall logging rules for iptables in Linux before 2.6.8 allows remote attackers to cause a denial of service (application crash) via a malformed IP packet.

Do I need to act?

7.4% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

24696

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (1)

Linux Kernel

Affected Vendors

Linux

References (10)

Broken Link http://secunia.com/advisories/11202/

Broken Link http://www.mandriva.com/security/advisories?name=MDKSA-2005:022

Broken Link http://www.novell.com/linux/security/advisories/2004_37_kernel.html

Broken Link http://www.securityfocus.com/bid/11488

Third Party Advisory https://exchange.xforce.ibmcloud.com/vulnerabilities/17800

Broken Link http://secunia.com/advisories/11202/

Broken Link http://www.mandriva.com/security/advisories?name=MDKSA-2005:022

Broken Link http://www.novell.com/linux/security/advisories/2004_37_kernel.html

Broken Link http://www.securityfocus.com/bid/11488

Third Party Advisory https://exchange.xforce.ibmcloud.com/vulnerabilities/17800

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 17/34 · Moderate

Exposure 5/34 · Minimal