CVE-2026-43233 (GCVE-0-2026-43233)

Vulnerability from cvelistv5 – Published: 2026-05-06 11:28 – Updated: 2026-05-11 22:20
VLAI
Title
netfilter: nf_conntrack_h323: fix OOB read in decode_choice()
Summary
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_h323: fix OOB read in decode_choice() In decode_choice(), the boundary check before get_len() uses the variable `len`, which is still 0 from its initialization at the top of the function: unsigned int type, ext, len = 0; ... if (ext || (son->attr & OPEN)) { BYTE_ALIGN(bs); if (nf_h323_error_boundary(bs, len, 0)) /* len is 0 here */ return H323_ERROR_BOUND; len = get_len(bs); /* OOB read */ When the bitstream is exactly consumed (bs->cur == bs->end), the check nf_h323_error_boundary(bs, 0, 0) evaluates to (bs->cur + 0 > bs->end), which is false. The subsequent get_len() call then dereferences *bs->cur++, reading 1 byte past the end of the buffer. If that byte has bit 7 set, get_len() reads a second byte as well. This can be triggered remotely by sending a crafted Q.931 SETUP message with a User-User Information Element containing exactly 2 bytes of PER-encoded data ({0x08, 0x00}) to port 1720 through a firewall with the nf_conntrack_h323 helper active. The decoder fully consumes the PER buffer before reaching this code path, resulting in a 1-2 byte heap-buffer-overflow read confirmed by AddressSanitizer. Fix this by checking for 2 bytes (the maximum that get_len() may read) instead of the uninitialized `len`. This matches the pattern used at every other get_len() call site in the same file, where the caller checks for 2 bytes of available data before calling get_len().
Severity
8.2 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: ec8a8f3c31ddef0a7d9626c4b8a4baa30f3b80aa , < bcb50aa0b8f2b74a9fe5a1c7bee6f2657a288041 (git)
Affected: ec8a8f3c31ddef0a7d9626c4b8a4baa30f3b80aa , < 2a3aac4205e7d2f1aca2e3827de8cdd517d36c4a (git)
Affected: ec8a8f3c31ddef0a7d9626c4b8a4baa30f3b80aa , < 81f2fc5b0d0cf4696146f00f837596d10b92dead (git)
Affected: ec8a8f3c31ddef0a7d9626c4b8a4baa30f3b80aa , < 7ef82863d42261817a6394c6c881bd6757a70f16 (git)
Affected: ec8a8f3c31ddef0a7d9626c4b8a4baa30f3b80aa , < 53d32735d77ab56cc3fc7bd53a7d099418f19be1 (git)
Affected: ec8a8f3c31ddef0a7d9626c4b8a4baa30f3b80aa , < f0a83d0a4b7c127d32ac06d607a9214937716129 (git)
Affected: ec8a8f3c31ddef0a7d9626c4b8a4baa30f3b80aa , < 35f1943d242e1b9f0b6e91c0c93bfb293a9f8224 (git)
Affected: ec8a8f3c31ddef0a7d9626c4b8a4baa30f3b80aa , < baed0d9ba91d4f390da12d5039128ee897253d60 (git)
Create a notification for this product.
Linux Linux Affected: 4.15
Unaffected: 0 , < 4.15 (semver)
Unaffected: 5.10.252 , ≤ 5.10.* (semver)
Unaffected: 5.15.202 , ≤ 5.15.* (semver)
Unaffected: 6.1.165 , ≤ 6.1.* (semver)
Unaffected: 6.6.128 , ≤ 6.6.* (semver)
Unaffected: 6.12.75 , ≤ 6.12.* (semver)
Unaffected: 6.18.16 , ≤ 6.18.* (semver)
Unaffected: 6.19.6 , ≤ 6.19.* (semver)
Unaffected: 7.0 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nf_conntrack_h323_asn1.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "bcb50aa0b8f2b74a9fe5a1c7bee6f2657a288041",
              "status": "affected",
              "version": "ec8a8f3c31ddef0a7d9626c4b8a4baa30f3b80aa",
              "versionType": "git"
            },
            {
              "lessThan": "2a3aac4205e7d2f1aca2e3827de8cdd517d36c4a",
              "status": "affected",
              "version": "ec8a8f3c31ddef0a7d9626c4b8a4baa30f3b80aa",
              "versionType": "git"
            },
            {
              "lessThan": "81f2fc5b0d0cf4696146f00f837596d10b92dead",
              "status": "affected",
              "version": "ec8a8f3c31ddef0a7d9626c4b8a4baa30f3b80aa",
              "versionType": "git"
            },
            {
              "lessThan": "7ef82863d42261817a6394c6c881bd6757a70f16",
              "status": "affected",
              "version": "ec8a8f3c31ddef0a7d9626c4b8a4baa30f3b80aa",
              "versionType": "git"
            },
            {
              "lessThan": "53d32735d77ab56cc3fc7bd53a7d099418f19be1",
              "status": "affected",
              "version": "ec8a8f3c31ddef0a7d9626c4b8a4baa30f3b80aa",
              "versionType": "git"
            },
            {
              "lessThan": "f0a83d0a4b7c127d32ac06d607a9214937716129",
              "status": "affected",
              "version": "ec8a8f3c31ddef0a7d9626c4b8a4baa30f3b80aa",
              "versionType": "git"
            },
            {
              "lessThan": "35f1943d242e1b9f0b6e91c0c93bfb293a9f8224",
              "status": "affected",
              "version": "ec8a8f3c31ddef0a7d9626c4b8a4baa30f3b80aa",
              "versionType": "git"
            },
            {
              "lessThan": "baed0d9ba91d4f390da12d5039128ee897253d60",
              "status": "affected",
              "version": "ec8a8f3c31ddef0a7d9626c4b8a4baa30f3b80aa",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nf_conntrack_h323_asn1.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.15"
            },
            {
              "lessThan": "4.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.252",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.202",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.128",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.75",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.252",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.202",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.165",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.128",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.75",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.16",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.6",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_conntrack_h323: fix OOB read in decode_choice()\n\nIn decode_choice(), the boundary check before get_len() uses the\nvariable `len`, which is still 0 from its initialization at the top of\nthe function:\n\n    unsigned int type, ext, len = 0;\n    ...\n    if (ext || (son-\u003eattr \u0026 OPEN)) {\n        BYTE_ALIGN(bs);\n        if (nf_h323_error_boundary(bs, len, 0))  /* len is 0 here */\n            return H323_ERROR_BOUND;\n        len = get_len(bs);                        /* OOB read */\n\nWhen the bitstream is exactly consumed (bs-\u003ecur == bs-\u003eend), the check\nnf_h323_error_boundary(bs, 0, 0) evaluates to (bs-\u003ecur + 0 \u003e bs-\u003eend),\nwhich is false.  The subsequent get_len() call then dereferences\n*bs-\u003ecur++, reading 1 byte past the end of the buffer.  If that byte\nhas bit 7 set, get_len() reads a second byte as well.\n\nThis can be triggered remotely by sending a crafted Q.931 SETUP message\nwith a User-User Information Element containing exactly 2 bytes of\nPER-encoded data ({0x08, 0x00}) to port 1720 through a firewall with\nthe nf_conntrack_h323 helper active.  The decoder fully consumes the\nPER buffer before reaching this code path, resulting in a 1-2 byte\nheap-buffer-overflow read confirmed by AddressSanitizer.\n\nFix this by checking for 2 bytes (the maximum that get_len() may read)\ninstead of the uninitialized `len`.  This matches the pattern used at\nevery other get_len() call site in the same file, where the caller\nchecks for 2 bytes of available data before calling get_len()."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T22:20:34.788Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/bcb50aa0b8f2b74a9fe5a1c7bee6f2657a288041"
        },
        {
          "url": "https://git.kernel.org/stable/c/2a3aac4205e7d2f1aca2e3827de8cdd517d36c4a"
        },
        {
          "url": "https://git.kernel.org/stable/c/81f2fc5b0d0cf4696146f00f837596d10b92dead"
        },
        {
          "url": "https://git.kernel.org/stable/c/7ef82863d42261817a6394c6c881bd6757a70f16"
        },
        {
          "url": "https://git.kernel.org/stable/c/53d32735d77ab56cc3fc7bd53a7d099418f19be1"
        },
        {
          "url": "https://git.kernel.org/stable/c/f0a83d0a4b7c127d32ac06d607a9214937716129"
        },
        {
          "url": "https://git.kernel.org/stable/c/35f1943d242e1b9f0b6e91c0c93bfb293a9f8224"
        },
        {
          "url": "https://git.kernel.org/stable/c/baed0d9ba91d4f390da12d5039128ee897253d60"
        }
      ],
      "title": "netfilter: nf_conntrack_h323: fix OOB read in decode_choice()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-43233",
    "datePublished": "2026-05-06T11:28:29.565Z",
    "dateReserved": "2026-05-01T14:12:55.995Z",
    "dateUpdated": "2026-05-11T22:20:34.788Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-43233",
      "date": "2026-06-11",
      "epss": "0.00074",
      "percentile": "0.2251"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-43233\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2026-05-06T12:16:43.417\",\"lastModified\":\"2026-05-12T19:03:56.650\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnetfilter: nf_conntrack_h323: fix OOB read in decode_choice()\\n\\nIn decode_choice(), the boundary check before get_len() uses the\\nvariable `len`, which is still 0 from its initialization at the top of\\nthe function:\\n\\n    unsigned int type, ext, len = 0;\\n    ...\\n    if (ext || (son-\u003eattr \u0026 OPEN)) {\\n        BYTE_ALIGN(bs);\\n        if (nf_h323_error_boundary(bs, len, 0))  /* len is 0 here */\\n            return H323_ERROR_BOUND;\\n        len = get_len(bs);                        /* OOB read */\\n\\nWhen the bitstream is exactly consumed (bs-\u003ecur == bs-\u003eend), the check\\nnf_h323_error_boundary(bs, 0, 0) evaluates to (bs-\u003ecur + 0 \u003e bs-\u003eend),\\nwhich is false.  The subsequent get_len() call then dereferences\\n*bs-\u003ecur++, reading 1 byte past the end of the buffer.  If that byte\\nhas bit 7 set, get_len() reads a second byte as well.\\n\\nThis can be triggered remotely by sending a crafted Q.931 SETUP message\\nwith a User-User Information Element containing exactly 2 bytes of\\nPER-encoded data ({0x08, 0x00}) to port 1720 through a firewall with\\nthe nf_conntrack_h323 helper active.  The decoder fully consumes the\\nPER buffer before reaching this code path, resulting in a 1-2 byte\\nheap-buffer-overflow read confirmed by AddressSanitizer.\\n\\nFix this by checking for 2 bytes (the maximum that get_len() may read)\\ninstead of the uninitialized `len`.  This matches the pattern used at\\nevery other get_len() call site in the same file, where the caller\\nchecks for 2 bytes of available data before calling get_len().\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\",\"baseScore\":8.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":4.2}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.15.1\",\"versionEndExcluding\":\"5.10.252\",\"matchCriteriaId\":\"AF06F1E5-CD8A-4600-A5A6-AC36110965FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.202\",\"matchCriteriaId\":\"4002FC2B-1456-4666-B240-0EBF590C4671\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.1.165\",\"matchCriteriaId\":\"797C7F46-D0BE-4FB8-A502-C5EF8E6B6654\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.128\",\"matchCriteriaId\":\"851E9353-6C09-4CC9-877E-E09DB164A3C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.12.75\",\"matchCriteriaId\":\"BCE16369-98ED-41CF-8995-DFDC10B288D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.13\",\"versionEndExcluding\":\"6.18.16\",\"matchCriteriaId\":\"B4B8CDA9-BADF-4CF5-8B3B-702DE8EEA40B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.19\",\"versionEndExcluding\":\"6.19.6\",\"matchCriteriaId\":\"373EEEDA-FAA1-4FB4-B6ED-DB4DD99DBE67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:4.15:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B4D39AF-668B-442B-8085-639A6D4FA5AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:4.15:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBC4657A-0239-47DF-B582-87D8DFA69439\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:4.15:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E1F48A9-9185-4554-9265-22CEC01D18FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:4.15:rc6:*:*:*:*:*:*\",\"matchCriteriaId\":\"639D2465-65E0-40E2-B7A8-BEA9E221DE54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:4.15:rc7:*:*:*:*:*:*\",\"matchCriteriaId\":\"A282AD0B-2D63-4F05-8F89-109A0975B423\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:4.15:rc8:*:*:*:*:*:*\",\"matchCriteriaId\":\"30358221-183C-4699-994E-AF51F5D534FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:4.15:rc9:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5ED80A8-E656-4AE9-921B-C22402C94A4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F253B622-8837-4245-BCE5-A7BF8FC76A16\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/2a3aac4205e7d2f1aca2e3827de8cdd517d36c4a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/35f1943d242e1b9f0b6e91c0c93bfb293a9f8224\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/53d32735d77ab56cc3fc7bd53a7d099418f19be1\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/7ef82863d42261817a6394c6c881bd6757a70f16\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/81f2fc5b0d0cf4696146f00f837596d10b92dead\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/baed0d9ba91d4f390da12d5039128ee897253d60\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/bcb50aa0b8f2b74a9fe5a1c7bee6f2657a288041\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/f0a83d0a4b7c127d32ac06d607a9214937716129\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.