How severe is CVE-2009-4537?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2009-4537?

This is classified as CWE-20, which is a common weakness in software security.

CVE-2009-4537 - HIGH Severity | CVSS 7.8

Vulnerability Description

drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '\0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1389.

Related Vulnerabilities

CVE-2015-8747

CRITICAL

CVSS:10.0(Critical)

The multifilesystem storage backend in Radicale before 1.1 allows remote attackers to read or write to arbitrary files via a crafted component name.

CWE-202015

CVE-2017-10918

CRITICAL

CVSS:10.0(Critical)

Xen through 4.8.x does not validate memory allocations during certain P2M operations, which allows guest OS users to obtain privileged host OS access, aka XSA-222.

CWE-202017

CVE-2017-16845

CRITICAL

CVSS:10.0(Critical)

hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access.

CWE-202017

CVE-2017-5226

CRITICAL

CVSS:10.0(Critical)

When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an at...

CWE-202017

CVE-2017-7213

CRITICAL

CVSS:10.0(Critical)

Zoho ManageEngine Desktop Central before build 100082 allows remote attackers to obtain control over all connected active desktops via unspecified vectors.

CWE-202017

CVE-2019-11708

CRITICAL

CVSS:10.0(Critical)

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised...

CWE-202019