CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2017-18017

CVSS 9.8v3.1pub. 2018-01-03upd. 2025-01-03

The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Arista Eos

    OS
    Arista
    4.20.1fx-virtual-router
  • Canonical Ubuntu

    OS
    Canonical
    12.0414.04
  • Debian

    OS
    Debian
    7.08.0
  • F5 Arx

    APP
    F5
    6.2.0 – 6.4.0
  • Linux Kernel

    OS
    Linux
    4.5 – 4.9.36 (bez)4.10 – 4.11 (bez)3.11 – 3.16.54 (bez)3.2 – 3.2.99 (bez)3.17 – 3.18.60 (bez)3.3 – 3.10.108 (bez)3.19 – 4.1.43 (bez)4.2 – 4.4.76 (bez)
  • Openstack Cloud Magnum Orchestration

    APP
    Openstack
    7
  • Opensuse Leap

    OS
    Opensuse
    42.3
  • Red Hat Enterprise Linux Desktop

    OS
    Redhat
    6.07.0
  • Red Hat Enterprise Linux Eus

    OS
    Redhat
    7.37.47.67.7
  • Red Hat Enterprise Linux For Real Time

    OS
    Redhat
    7
  • Red Hat Enterprise Linux For Real Time For Nfv

    OS
    Redhat
    7
  • Red Hat Enterprise Linux Server

    OS
    Redhat
    6.07.0
  • Red Hat Enterprise Linux Server Aus

    OS
    Redhat
    7.37.47.67.7
  • Red Hat Enterprise Linux Server Tus

    OS
    Redhat
    7.37.47.67.7
  • Red Hat Enterprise Linux Workstation

    OS
    Redhat
    6.07.0
  • Red Hat Mrg Realtime

    APP
    Redhat
    2.0
  • SUSE Caas Platform

    APP
    Suse
    wszystkie wersje
  • SUSE Linux Enterprise Debuginfo

    APP
    Suse
    11
  • SUSE Linux Enterprise Desktop

    OS
    Suse
    12
  • SUSE Linux Enterprise High Availability

    OS
    Suse
    12
  • SUSE Linux Enterprise High Availability Extension

    OS
    Suse
    11
  • SUSE Linux Enterprise Live Patching

    OS
    Suse
    12
  • SUSE Linux Enterprise Module For Public Cloud

    APP
    Suse
    12
  • SUSE Linux Enterprise Point Of Sale

    APP
    Suse
    11
  • SUSE Linux Enterprise Real Time Extension

    OS
    Suse
    1112
  • SUSE Linux Enterprise Server

    OS
    Suse
    1112
  • SUSE Linux Enterprise Software Development Kit

    OS
    Suse
    1112
  • SUSE Linux Enterprise Workstation Extension

    OS
    Suse
    12
  • SUSE Openstack Cloud

    APP
    Suse
    6
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
DoSMemory
CWE
References

Related vulnerabilities

CVE-2026-24061CRITICAL9.8⚠ KEVPL ✓ten sam produkt

GNU Inetutils telnetd: ominięcie uwierzytelnienia przez zmienną USER

CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)

CVE-2025-49113CRITICAL9.9⚠ KEVPL ✓ten sam produkt

RCE przez deserializację PHP w Roundcube Webmail (parametr _from)

CVE-2025-34028CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP