{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-03T01:33:07.042","vulnerabilities":[{"cve":{"id":"CVE-2017-7558","sourceIdentifier":"secalert@redhat.com","published":"2018-07-26T15:29:00.357","lastModified":"2024-11-21T03:32:09.810","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in sockaddr data structures used to export socket's diagnostic information. As a result, up to 100 bytes of the slab data could be leaked to a userspace."},{"lang":"es","value":"Se ha encontrado una fuga de datos del kernel debido a una lectura fuera de límites en el kernel de Linux en las funciones inet_diag_msg_sctp{,l}addr_fill() y sctp_get_sctp_info() presentes desde la versión 4.7-rc1 hasta la versión 4.13. Ocurre una fuga de datos cuando estas funciones rellenan las estructuras de datos sockaddr utilizadas para exportar la información de diagnóstico del socket. Como resultado, se podían filtrar hasta 100 bytes de los datos de la slab a un espacio de usuario."}],"metrics":{"cvssMetricV30":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.4,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.7","versionEndIncluding":"4.13","matchCriteriaId":"0089AC9A-CBAA-4489-A0D9-FCA4F78CC3AF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:4.7:rc1:*:*:*:*:*:*","matchCriteriaId":"49A670AB-795C-429C-9F52-0794799C230C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:4.7:rc2:*:*:*:*:*:*","matchCriteriaId":"FB7866D3-A8CE-42A1-A3E1-783DA7F3DB4E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:4.7:rc3:*:*:*:*:*:*","matchCriteriaId":"4940B9A0-CF62-4B5F-9E69-91C1594B2107"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:4.7:rc4:*:*:*:*:*:*","matchCriteriaId":"DA6F4E31-42D4-4DAA-B9D8-0514F11AE778"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:4.7:rc5:*:*:*:*:*:*","matchCriteriaId":"8DEB1797-95E0-4344-91B3-8C3AEE42BDB8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:4.7:rc6:*:*:*:*:*:*","matchCriteriaId":"B3E4C538-05B3-47AA-8464-087549C0D8F9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:4.7:rc7:*:*:*:*:*:*","matchCriteriaId":"45FA346F-1039-4607-871B-B9F236A30C16"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]}],"references":[{"url":"http://seclists.org/oss-sec/2017/q3/338","source":"secalert@redhat.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/100466","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1039221","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2918","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2930","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2931","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7558","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://marc.info/?l=linux-netdev&m=150348777122761&w=2","source":"secalert@redhat.com","tags":["Patch","Third Party Advisory"]},{"url":"https://www.debian.org/security/2017/dsa-3981","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://seclists.org/oss-sec/2017/q3/338","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/100466","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1039221","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2918","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2930","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2931","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7558","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://marc.info/?l=linux-netdev&m=150348777122761&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.debian.org/security/2017/dsa-3981","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}