{ "threat_severity" : "Important", "public_date" : "2008-05-09T00:00:00Z", "bugzilla" : { "description" : "kernel: sit memory leak", "id" : "446031", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=446031" }, "cwe" : "CWE-401", "details" : [ "Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3 allows remote attackers to cause a denial of service (memory consumption) via network traffic to a Simple Internet Transition (SIT) tunnel interface, related to the pskb_may_pull and kfree_skb functions, and management of an skb reference count." ], "affected_release" : [ { "product_name" : "MRG for RHEL-5", "release_date" : "2008-08-26T00:00:00Z", "advisory" : "RHSA-2008:0585", "cpe" : "cpe:/a:redhat:enterprise_mrg:1::el5", "package" : "kernel-rt-0:2.6.24.7-74.el5rt" }, { "product_name" : "Red Hat Enterprise Linux 2.1", "release_date" : "2009-01-05T00:00:00Z", "advisory" : "RHSA-2008:0787", "cpe" : "cpe:/o:redhat:enterprise_linux:2.1", "package" : "kernel-0:2.4.18-e.67" }, { "product_name" : "Red Hat Enterprise Linux 2.1", "release_date" : "2009-01-08T00:00:00Z", "advisory" : "RHSA-2009:0001", "cpe" : "cpe:/o:redhat:enterprise_linux:2.1", "package" : "kernel-0:2.4.9-e.74" }, { "product_name" : "Red Hat Enterprise Linux 3", "release_date" : "2008-12-17T00:00:00Z", "advisory" : "RHSA-2008:0973", "cpe" : "cpe:/o:redhat:enterprise_linux:3", "package" : "kernel-0:2.4.21-58.EL" }, { "product_name" : "Red Hat Enterprise Linux 4", "release_date" : "2008-07-23T00:00:00Z", "advisory" : "RHSA-2008:0607", "cpe" : "cpe:/o:redhat:enterprise_linux:4", "package" : "kernel-0:2.6.9-67.0.22.EL" }, { "product_name" : "Red Hat Enterprise Linux 5", "release_date" : "2008-08-04T00:00:00Z", "advisory" : "RHSA-2008:0612", "cpe" : "cpe:/o:redhat:enterprise_linux:5", "package" : "kernel-0:2.6.18-92.1.10.el5" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2008-2136\nhttps://nvd.nist.gov/vuln/detail/CVE-2008-2136" ], "name" : "CVE-2008-2136", "csaw" : false }