nvd-json-data-feeds/CVE-2016/CVE-2016-86xx/CVE-2016-8666.json

{
  "id": "CVE-2016-8666",
  "sourceIdentifier": "security@opentext.com",
  "published": "2016-10-16T21:59:15.523",
  "lastModified": "2023-11-07T02:36:27.150",
  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
      "value": "The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039."
    },
    {
      "lang": "es",
      "value": "La pila IP en el kernel de Linux en versiones anteriores a 4.6 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de pila y p\u00e1nico) o tener otro posible impacto no especificado desencadenando uso de la ruta GRO para paquetes con apilamiento en t\u00fanel, como se demuestra por cabeceras IPv4 y cabeceras GRE intercaladas, un problema relacionado con CVE-2016-7039."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "3.14",
              "versionEndExcluding": "3.16.35",
              "matchCriteriaId": "94939292-97B9-46BE-BF06-57D0DB7A8904"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "3.17",
              "versionEndExcluding": "3.18.47",
              "matchCriteriaId": "B1A82714-1C53-498D-94AA-DE9F6B577522"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "3.19",
              "versionEndExcluding": "4.1.38",
              "matchCriteriaId": "755C626E-7669-4E6E-BC91-2656E4740E66"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "4.2",
              "versionEndExcluding": "4.4.29",
              "matchCriteriaId": "D23F7205-D265-429A-ACA9-F0FDAA8615A1"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "4.5",
              "versionEndExcluding": "4.6",
              "matchCriteriaId": "628AFDA5-6C82-4DB8-8280-D1D7C58BBFE7"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fac8e0f579695a3ecbc4d3cac369139d7f819971",
      "source": "security@opentext.com"
    },
    {
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2047.html",
      "source": "security@opentext.com"
    },
    {
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2107.html",
      "source": "security@opentext.com"
    },
    {
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2110.html",
      "source": "security@opentext.com"
    },
    {
      "url": "http://rhn.redhat.com/errata/RHSA-2017-0004.html",
      "source": "security@opentext.com"
    },
    {
      "url": "http://www.openwall.com/lists/oss-security/2016/10/13/11",
      "source": "security@opentext.com"
    },
    {
      "url": "http://www.securityfocus.com/bid/93562",
      "source": "security@opentext.com"
    },
    {
      "url": "https://access.redhat.com/errata/RHSA-2017:0372",
      "source": "security@opentext.com"
    },
    {
      "url": "https://bto.bluecoat.com/security-advisory/sa134",
      "source": "security@opentext.com"
    },
    {
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384991",
      "source": "security@opentext.com"
    },
    {
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1001486",
      "source": "security@opentext.com"
    },
    {
      "url": "https://github.com/torvalds/linux/commit/fac8e0f579695a3ecbc4d3cac369139d7f819971",
      "source": "security@opentext.com"
    }
  ]
}