Vulnerability Database

CVE-2017-18017

The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.

  • Published: Jan 3, 2018
  • Updated: Apr 13, 2023
  • CVE: CVE-2017-18017
  • Severity: Critical
  • Exploit:

CVSS v3:

  • Severity: Critical
  • Score: 9.8
  • AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: High
  • Score: 10
  • AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

| Software | From | Fixed in |
|---|---|---|
| linux / linux_kernel | 4.10 | 4.11 |
| linux / linux_kernel | 3.2 | 3.2.99 |
| linux / linux_kernel | 3.3 | 3.10.108 |
| linux / linux_kernel | 3.11 | 3.16.54 |
| linux / linux_kernel | 3.17 | 3.18.60 |
| linux / linux_kernel | 3.19 | 4.1.43 |
| linux / linux_kernel | 4.2 | 4.4.76 |
| linux / linux_kernel | 4.5 | 4.9.36 |
| debian / debian_linux | 8.0 | 8.0.x |
| debian / debian_linux | 7.0 | 7.0.x |
| f5 / arx | 6.2.0 | 6.4.0.x |
| suse / linux_enterprise_server | 11-sp4 | 11-sp4.x |
| suse / linux_enterprise_software_development_kit | 12-sp2 | 12-sp2.x |
| suse / linux_enterprise_debuginfo | 11-sp3 | 11-sp3.x |
| suse / linux_enterprise_desktop | 12-sp2 | 12-sp2.x |
| suse / linux_enterprise_server | 11-sp3 | 11-sp3.x |
| suse / linux_enterprise_server | 12-sp2 | 12-sp2.x |
| suse / linux_enterprise_real_time_extension | 11-sp4 | 11-sp4.x |
| suse / linux_enterprise_software_development_kit | 11-sp4 | 11-sp4.x |
| suse / linux_enterprise_debuginfo | 11-sp4 | 11-sp4.x |
| suse / linux_enterprise_server | 12-sp1 | 12-sp1.x |
| suse / linux_enterprise_high_availability | 12-sp2 | 12-sp2.x |
| suse / linux_enterprise_desktop | 12-sp3 | 12-sp3.x |
| suse / linux_enterprise_server | 12 | 12.x |
| opensuse / leap | 42.3 | 42.3.x |
| suse / linux_enterprise_software_development_kit | 12-sp3 | 12-sp3.x |
| suse / linux_enterprise_module_for_public_cloud | 12 | 12.x |
| suse / openstack_cloud | 6 | 6.x |
| suse / linux_enterprise_point_of_sale | 11-sp3 | 11-sp3.x |
| suse / linux_enterprise_server | 12-sp3 | 12-sp3.x |
| suse / linux_enterprise_high_availability_extension | 11-sp4 | 11-sp4.x |
| suse / linux_enterprise_real_time_extension | 12-sp2 | 12-sp2.x |
| suse / linux_enterprise_live_patching | 12 | 12.x |
| suse / linux_enterprise_workstation_extension | 12-sp2 | 12-sp2.x |
| suse / caas_platform | - | - |
| suse / linux_enterprise_live_patching | 12-sp3 | 12-sp3.x |
| suse / linux_enterprise_high_availability | 12-sp3 | 12-sp3.x |
| suse / linux_enterprise_workstation_extension | 12-sp3 | 12-sp3.x |
| suse / linux_enterprise_real_time_extension | 12-sp3 | 12-sp3.x |
| openstack / cloud_magnum_orchestration | 7 | 7.x |
| canonical / ubuntu_linux | 14.04 | 14.04.x |
| canonical / ubuntu_linux | 12.04 | 12.04.x |
| redhat / enterprise_linux_desktop | 7.0 | 7.0.x |
| redhat / enterprise_linux_workstation | 7.0 | 7.0.x |
| redhat / enterprise_linux_server | 7.0 | 7.0.x |
| redhat / enterprise_linux_for_real_time | 7 | 7.x |
| redhat / enterprise_linux_desktop | 6.0 | 6.0.x |
| redhat / enterprise_linux_for_real_time_for_nfv | 7 | 7.x |
| redhat / enterprise_linux_server | 6.0 | 6.0.x |
| redhat / enterprise_linux_workstation | 6.0 | 6.0.x |
| redhat / enterprise_linux_server_tus | 7.3 | 7.3.x |
| redhat / enterprise_linux_server_aus | 7.3 | 7.3.x |
| redhat / enterprise_linux_server_aus | 7.4 | 7.4.x |
| redhat / enterprise_linux_server_tus | 7.4 | 7.4.x |
| redhat / enterprise_linux_eus | 7.3 | 7.3.x |
| redhat / enterprise_linux_eus | 7.4 | 7.4.x |
| redhat / enterprise_linux_server_tus | 7.6 | 7.6.x |
| redhat / enterprise_linux_server_aus | 7.6 | 7.6.x |
| redhat / enterprise_linux_eus | 7.6 | 7.6.x |
| redhat / mrg_realtime | 2.0 | 2.0.x |
| redhat / enterprise_linux_server_aus | 7.7 | 7.7.x |
| redhat / enterprise_linux_server_tus | 7.7 | 7.7.x |
| redhat / enterprise_linux_eus | 7.7 | 7.7.x |
| arista / eos | 4.20.1fx-virtual-router | 4.20.1fx-virtual-router.x |