Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2009-1298

EPSS 2.32% · P85
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2009-1298

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The ip_frag_reasm function in net/ipv4/ip_fragment.c in the Linux kernel 2.6.32-rc8, and 2.6.29 and later versions before 2.6.32, calls IP_INC_STATS_BH with an incorrect argument, which allows remote attackers to cause a denial of service (NULL pointer dereference and hang) via long IP packets, possibly related to the ip_defrag function.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
linux kernel 'net/ipv4/ip_fragment.c'缓冲区溢出漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会发布的开源操作系统Linux所使用的内核。NFSv4 implementation是其中的一个分布式文件系统协议。 Linux kernel 2.6.32-rc8,2.6.29及2.6.32之前版本中的net/ipv4/ip_fragment.c的ip_frag_reasm函数调用了带有不正确参数的IP_INC_STATS_BH,导致存在缓冲区溢出漏洞。远程攻击者可借助超长IP包导致拒绝服务(空指针解引用和挂起)。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2009-1298

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2009-1298

登录查看更多情报信息。

Same Patch Batch · n/a · 2009-12-08 · 21 CVEs total

CVE-2009-4234Micronet Network Access Controller 'error_user.shtml' 跨站脚本攻击漏洞
CVE-2009-3994denton_woods DevIL 'il_dicom.c' 栈缓冲溢出漏洞
CVE-2009-2843apple mac_os_x applets证书加密问题漏洞
CVE-2009-2749IBM WebSphere Application Server Communications Enabled Applications 加密问题漏洞
CVE-2009-4228xfig 'u_bound.c'缓冲区溢出漏洞
CVE-2009-4227Xfig和'f_readold.c'文件解析栈溢出漏洞
CVE-2009-4226sun opensolaris IP模块竞争条件错误漏洞
CVE-2009-4225CA eTrust PestPatrol'ppctl.dl'PestPatrol ActiveX控件栈缓冲溢出漏洞
CVE-2009-3586CoreHTTP 'src/http.c'单字节溢出溢出漏洞
CVE-2009-4235Tim_hockin acpid '/var/log/acpid'敏感信息泄露漏洞
CVE-2009-1568Novell iprint_client 'ienipp.ocx' 缓冲区溢出漏洞
CVE-2009-4233Youjoomla YJ Whois 'mod_yj_whois.php'跨站脚本攻击漏洞
CVE-2009-4232Jonijnm Kide Shoutbox 'index.php' 授权问题漏洞
CVE-2009-4231Basic-cms SweetRice 'plugins.php' 目录遍历漏洞
CVE-2009-4230ruven_pillay iipimage_server缓冲区溢出漏洞
CVE-2009-4229ActiveWebSoftwares Active Bids 多个SQL注入漏洞
CVE-2009-4033Tim_hockin acpid 权限许可和敏感信息泄露漏洞
CVE-2009-4236EC-CUBE 'LC_Page_Admin_Customer_SearchCustomer.php' 信息泄露漏洞
CVE-2009-3844HP OpenView Data Protector Application Recovery Manager栈缓冲区溢出漏洞
CVE-2009-1569Novell iPrint Client缓冲区溢出漏洞

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2009-1298

No comments yet

Leave a comment