CVE-2006-3815
heartbeat - permission error
EPSS 0.22%
Description
heartbeat.c in heartbeat before 2.0.6 sets insecure permissions in a shmget call for shared memory, which allows local users to cause an unspecified denial of service via unknown vectors, possibly during a short time window on startup.
How to fix CVE-2006-3815
To remediate CVE-2006-3815, upgrade the affected package to a fixed version below.
- Debian/heartbeat—upgrade to 1.2.4-13 or later
- Debian/heartbeat—upgrade to 1.2.3-9sarge5 or later
Is CVE-2006-3815 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 1.2.4-13
- from 0, < 1.2.3-9sarge5