Memory Corruption and System Crash Vulnerability in Linux Kernel

Memory Corruption and System Crash Vulnerability in Linux Kernel

CVE-2013-4387 · MEDIUM Severity

AV:A/AC:L/AU:N/C:N/I:N/A:C

net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not properly determine the need for UDP Fragmentation Offload (UFO) processing of small packets after the UFO queueing of a large packet, which allows remote attackers to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via network traffic that triggers a large response packet.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.