CVE-2009-2903

high

Description

Memory leak in the appletalk subsystem in the Linux kernel 2.4.x through 2.4.37.6 and 2.6.x through 2.6.31, when the appletalk and ipddp modules are loaded but the ipddp"N" device is not found, allows remote attackers to cause a denial of service (memory consumption) via IP-DDP datagrams.

References

Advisories
More

https://bugzilla.redhat.com/show_bug.cgi?id=522331

http://www.ubuntu.com/usn/USN-852-1

http://www.securityfocus.com/bid/36379

http://www.openwall.com/lists/oss-security/2009/09/17/11

http://www.openwall.com/lists/oss-security/2009/09/14/2

http://www.openwall.com/lists/oss-security/2009/09/14/1

http://www.mandriva.com/security/advisories?name=MDVSA-2009:329

http://secunia.com/advisories/37909

http://secunia.com/advisories/37105

http://secunia.com/advisories/36707

http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html

http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html

http://git.kernel.org/?p=linux/kernel/git/davem/net-next-2.6.git%3Ba=commit%3Bh=ffcfb8db540ff879c2a85bf7e404954281443414

Details

Source: Mitre, NVD

Published: 2009-09-15

Updated: 2025-04-09

Risk Information

CVSS v2

Base Score: 7.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High

EPSS

EPSS: 0.03773