CVE-2006-3121
heartbeat - out-of-bounds read
EPSS 20.3%
Description
The peel_netstring function in cl_netstring.c in the heartbeat subsystem in High-Availability Linux before 1.2.5, and 2.0 before 2.0.7, allows remote attackers to cause a denial of service (crash) via the length parameter in a heartbeat message.
How to fix CVE-2006-3121
To remediate CVE-2006-3121, upgrade the affected package to a fixed version below.
- Debian/heartbeat—upgrade to 1.2.4-14 or later
- Debian/heartbeat—upgrade to 1.2.3-9sarge6 or later
Is CVE-2006-3121 being exploited?
Moderate — EPSS is 20.3%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 1.2.4-14
- from 0, < 1.2.3-9sarge6