Integer underflow in the l2cap_config_req function in net/bluetooth/l2cap_core.c in the Linux kernel before 3.0 allows remote attackers to…
redhat·CWE-191·Published 2011-08-29
Integer underflow in the l2cap_config_req function in net/bluetooth/l2cap_core.c in the Linux kernel before 3.0 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a small command-size value within the command header of a Logical Link Control and Adaptation Protocol (L2CAP) configuration request, leading to a buffer overflow.
Integer underflow in the l2cap_config_req function in net/bluetooth/l2cap_core.c in the Linux kernel before 3.0 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a small command-size value within the command header of a Logical Link Control and Adaptation Protocol (L2CAP) configuration request, leading to a buffer overflow.
Desbordamiento de enteros en la función l2cap_config_req en net/bluetooth/l2cap_core.c en el Kernel de Linux anterior a v3.0 permite a atacantes remotos provocar una denegación de servicio o posiblemente tner otro impacto desconocido a través de un pequeño valor "command-size" dentro del comando header en un "Control de Enlace Lógico" (Logical Link Control) y petición de configuración de "Protocolo de Adaptación" (Adaptation Protocol (L2CAP)), cargando un desbordamiento de bufer.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 8.3 | 6.5 | 10.0 | AV:A/AC:L/Au:N/C:C/I:C/A:C |