Integer Underflow (Wrap or Wraparound)

CVE-2011-2497

High

8.3/10

Summary

Integer underflow in the l2cap_config_req function in net/bluetooth/l2cap_core.c in the Linux kernel before 3.0 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a small command-size value within the command header of a Logical Link Control and Adaptation Protocol (L2CAP) configuration request, leading to a buffer overflow.

Access Complexity: LOW
AccessVector: ADJACENT_NETWORK
Authentication: NONE
Integrity Impact: COMPLETE
Confidentiality Impact: COMPLETE
Availability Impact: COMPLETE

CWE-191 - Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

References

Advisory Timeline

Published Aug 29, 2011

Integer Underflow (Wrap or Wraparound)

CVE-2011-2497

Summary

CWE-191 - Integer Underflow (Wrap or Wraparound)

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS