CVE-2005-3809

The nfattr_to_tcp function in ip_conntrack_proto_tcp.c in ctnetlink in Linux kernel 2.6.14 up to 2.6.14.3 allows attackers to cause a denial of service (kernel oops) via an update message without private protocol information, which triggers a null dereference.

Published: Nov 25, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-3809
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	2.6.14-rc2	2.6.14-rc2.x
linux / linux_kernel	2.6.14	2.6.14.x
linux / linux_kernel	2.6.14.3	2.6.14.3.x
linux / linux_kernel	2.6.14-rc3	2.6.14-rc3.x
linux / linux_kernel	2.6.14.1	2.6.14.1.x
linux / linux_kernel	2.6.14-rc1	2.6.14-rc1.x
linux / linux_kernel	2.6.14.2	2.6.14.2.x
linux / linux_kernel	2.6.14-rc4	2.6.14-rc4.x

http://marc.info/?l=linux-kernel&m=113269476105016&w=2
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.14.3
http://www.osvdb.org/24114

Vulnerability Database

CVE-2005-3809

Deep Security Visibility Without the Complexity