{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The br_multicast_add_group function in net/bridge/br_multicast.c in the Linux kernel before 2.6.38, when a certain Ethernet bridge configuration is used, allows local users to cause a denial of service (memory corruption and system crash) by sending IGMP packets to a local interface."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2012-06-21T23:00:00Z"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6b0d6a9b4296fa16a28d10d416db7a770fc03287"}, {"name": "[oss-security] 20110217 Re: CVE request -- kernel: deficiency in processing igmp host membership reports in br_multicast", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2011/02/17/2"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=678169"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/6b0d6a9b4296fa16a28d10d416db7a770fc03287"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T22:05:52.919Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6b0d6a9b4296fa16a28d10d416db7a770fc03287"}, {"name": "[oss-security] 20110217 Re: CVE request -- kernel: deficiency in processing igmp host membership reports in br_multicast", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2011/02/17/2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=678169"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/6b0d6a9b4296fa16a28d10d416db7a770fc03287"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-0716", "state": "PUBLISHED", "dateReserved": "2011-01-31T00:00:00Z", "datePublished": "2012-06-21T23:00:00Z", "dateUpdated": "2024-08-06T22:05:52.919Z"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "084AC06C-2438-4BD5-A28D-8D24DE515135", "versionEndIncluding": "2.6.37.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.37:*:*:*:*:*:*:*", "matchCriteriaId": "18CBFC41-E9A9-456C-8A61-8DB2E6CE2E98", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.37:rc1:*:*:*:*:*:*", "matchCriteriaId": "2EA6C6E6-CAD5-4D43-AD96-66D5ACBB91CE", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.37:rc2:*:*:*:*:*:*", "matchCriteriaId": "71905CF7-7C7B-43AC-970D-D3187A807903", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.37:rc3:*:*:*:*:*:*", "matchCriteriaId": "201421C9-E054-4FEB-A37A-8C314F242FBC", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.37:rc4:*:*:*:*:*:*", "matchCriteriaId": "F157225D-C62C-465D-A758-DE6A6C48C397", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.37:rc5:*:*:*:*:*:*", "matchCriteriaId": "77BB49A9-39D0-49C4-A241-D1537590F508", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.37.1:*:*:*:*:*:*:*", "matchCriteriaId": "CF9A28CB-B307-4D0B-AC45-73964F766B09", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.37.2:*:*:*:*:*:*:*", "matchCriteriaId": "51838021-099C-4135-94E6-EC0276BAB750", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.37.3:*:*:*:*:*:*:*", "matchCriteriaId": "E0F4EBC4-1C6D-428C-9F23-8508EBBD3588", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.37.4:*:*:*:*:*:*:*", "matchCriteriaId": "B86233BC-2B7D-44EB-8253-458E89046B17", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.37.5:*:*:*:*:*:*:*", "matchCriteriaId": "110BB215-C869-4BEB-962D-81A1F9F896B6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The br_multicast_add_group function in net/bridge/br_multicast.c in the Linux kernel before 2.6.38, when a certain Ethernet bridge configuration is used, allows local users to cause a denial of service (memory corruption and system crash) by sending IGMP packets to a local interface."}, {"lang": "es", "value": "La funci\u00f3n de br_multicast_add_group en net/bridge/br_multicast.c en versiones del kernel de Linux anteriores a v2.6.38, cuando se usa una determinada configuraci\u00f3n de bridge Ethernet, permite a usuarios locales provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de la memoria y ca\u00edda del sistema) mediante el env\u00edo de paquetes IGMP a una interfaz local."}], "id": "CVE-2011-0716", "lastModified": "2023-02-13T01:18:30.800", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-06-21T23:55:01.847", "references": [{"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38"}, {"source": "secalert@redhat.com", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6b0d6a9b4296fa16a28d10d416db7a770fc03287"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2011/02/17/2"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=678169"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/6b0d6a9b4296fa16a28d10d416db7a770fc03287"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2011:0421", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "kernel-0:2.6.32-71.24.1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2011-04-08T00:00:00Z"}], "bugzilla": {"description": "kernel: deficiency in processing igmp host membership reports in br_multicast", "id": "678169", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=678169"}, "csaw": false, "cvss": {"cvss_base_score": "4.7", "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "status": "verified"}, "details": ["The br_multicast_add_group function in net/bridge/br_multicast.c in the Linux kernel before 2.6.38, when a certain Ethernet bridge configuration is used, allows local users to cause a denial of service (memory corruption and system crash) by sending IGMP packets to a local interface."], "name": "CVE-2011-0716", "public_date": "2010-12-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2011-0716\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-0716"], "statement": "This issue did not affect the versions of the Linux kernel as shipped with Red\nHat Enterprise Linux 4, 5, and Red Hat Enterprise MRG as they did not include\nsupport for the bridge snooping functionality. A future update in Red Hat\nEnterprise Linux 6 may address this flaw.", "threat_severity": "Moderate"}