CVE-2008-0384 : OpenBSD 4.2 allows local users to cause a denial of service (kernel panic) by calling the SIOCGIFRTLABEL IOCTL on an int

OpenBSD 4.2 allows local users to cause a denial of service (kernel panic) by calling the SIOCGIFRTLABEL IOCTL on an interface that does not have a route label, which triggers a NULL pointer dereference when the return value from the rtlabel_id2name function is not checked.

Published 2008-01-22 20:00:00

Updated 2018-10-30 16:25:28

Source MITRE

View at NVD, CVE.org

Vulnerability category: Memory CorruptionDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2008-0384

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 8 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2008-0384

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.9	MEDIUM	AV:L/AC:L/Au:N/C:N/I:N/A:C	3.9	6.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete

References for CVE-2008-0384

Products affected by CVE-2008-0384

Openbsd » Openbsd » Version: 4.2
cpe:2.3:o:openbsd:openbsd:4.2:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2008-0384

Exploit prediction scoring system (EPSS) score for CVE-2008-0384

CVSS scores for CVE-2008-0384

References for CVE-2008-0384

Products affected by CVE-2008-0384