CVE-2004-0370 : The setsockopt call in the KAME Project IPv6 implementation, as used in FreeBSD 5.2, does not properly handle certain IP

The setsockopt call in the KAME Project IPv6 implementation, as used in FreeBSD 5.2, does not properly handle certain IPv6 socket options, which could allow attackers to read kernel memory and cause a system panic.

Published 2004-05-04 04:00:00

Updated 2017-07-11 01:30:07

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2004-0370

Probability of exploitation activity in the next 30 days: 0.06%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 23 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2004-0370

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.1	LOW	AV:L/AC:L/Au:N/C:P/I:N/A:N	3.9	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

References for CVE-2004-0370

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:06.ipv6.asc
https://exchange.xforce.ibmcloud.com/vulnerabilities/15662
http://www.securityfocus.com/bid/9992

Products affected by CVE-2004-0370

Freebsd » Freebsd » Version: 5.2
cpe:2.3:o:freebsd:freebsd:5.2:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2004-0370

Exploit prediction scoring system (EPSS) score for CVE-2004-0370

CVSS scores for CVE-2004-0370

References for CVE-2004-0370

Products affected by CVE-2004-0370