{
  "threat_severity" : "Important",
  "public_date" : "2011-05-06T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: dccp: handle invalid feature options length",
    "id" : "703011",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=703011"
  },
  "cvss" : {
    "cvss_base_score" : "7.8",
    "cvss_scoring_vector" : "AV:N/AC:L/Au:N/C:N/I:N/A:C",
    "status" : "verified"
  },
  "cwe" : "CWE-190->CWE-119",
  "details" : [ "Integer underflow in the dccp_parse_options function (net/dccp/options.c) in the Linux kernel before 2.6.33.14 allows remote attackers to cause a denial of service via a Datagram Congestion Control Protocol (DCCP) packet with an invalid feature options length, which triggers a buffer over-read." ],
  "statement" : "This issue does not affect Red Hat Enterprise Linux 4 and 5: Red Hat Enterprise Linux 4 does not provide support for the Datagram Congestion Control Protocol (DCCP), and Red Hat Enterprise Linux 5, which does support DCCP, did not backport the upstream commit that introduced this issue, e77b8363b. This has been addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0836.html and https://rhn.redhat.com/errata/RHSA-2011-1253.html.",
  "acknowledgement" : "Red Hat would like to thank Dan Rosenberg for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2011-06-01T00:00:00Z",
    "advisory" : "RHSA-2011:0836",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "kernel-0:2.6.32-131.2.1.el6"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "release_date" : "2011-09-12T00:00:00Z",
    "advisory" : "RHSA-2011:1253",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2:server:el6",
    "package" : "kernel-rt-0:2.6.33.9-rt31.75.el6rt"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 4",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise MRG 1",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:1"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2011-1770\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-1770" ],
  "name" : "CVE-2011-1770",
  "csaw" : false
}