Search for vulnerabilities
Vulnerability details: VCID-nr1g-qv9t-aaag
Vulnerability ID VCID-nr1g-qv9t-aaag
Aliases CVE-2006-3121
Summary The peel_netstring function in cl_netstring.c in the heartbeat subsystem in High-Availability Linux before 1.2.5, and 2.0 before 2.0.7, allows remote attackers to cause a denial of service (crash) via the length parameter in a heartbeat message.
Status Published
Exploitability 2.0
Weighted Severity 4.5
Risk 9.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-399 Resource Management Errors
System Score Found at
epss 0.05439 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.05439 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.05439 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.05439 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.10409 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.10409 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.10409 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.11256 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.11256 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.11256 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.11256 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.11256 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.11256 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.11256 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.11256 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.18216 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.20379 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.20379 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.20379 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.20379 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.21006 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.21006 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.21006 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.21006 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.21006 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.21006 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.21006 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.21006 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.21006 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.21006 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.21006 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.21006 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.21006 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.21006 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.21006 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.21006 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.21006 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.21006 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.21006 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.21006 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.21006 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.21006 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.21006 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.21006 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.21006 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.21006 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.21006 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.21006 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.21006 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.21006 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.21006 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.21006 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.21006 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.21006 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.21006 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.21006 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.21006 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.21006 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.21006 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.21006 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.21006 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.21006 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.21006 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.21006 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.21006 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.21006 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.21006 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.21006 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.21006 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.21006 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
epss 0.21006 https://api.first.org/data/v1/epss?cve=CVE-2006-3121
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2006-3121
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2006-3121
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3121
http://secunia.com/advisories/21505
http://secunia.com/advisories/21511
http://secunia.com/advisories/21518
http://secunia.com/advisories/21521
http://secunia.com/advisories/21629
http://security.gentoo.org/glsa/glsa-200608-23.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/28396
http://www.debian.org/security/2006/dsa-1151
http://www.linux-ha.org/_cache/SecurityIssues__sec03.txt
http://www.linux-ha.org/SecurityIssues
http://www.mandriva.com/security/advisories?name=MDKSA-2006:142
http://www.securityfocus.com/bid/19516
http://www.ubuntu.com/usn/usn-335-1
http://www.vupen.com/english/advisories/2006/3288
cpe:2.3:a:high_availability_linux_project:heartbeat:1.2.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:high_availability_linux_project:heartbeat:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:high_availability_linux_project:heartbeat:1.2.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:high_availability_linux_project:heartbeat:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:high_availability_linux_project:heartbeat:2.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:high_availability_linux_project:heartbeat:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:high_availability_linux_project:heartbeat:2.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:high_availability_linux_project:heartbeat:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:high_availability_linux_project:heartbeat:2.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:high_availability_linux_project:heartbeat:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:high_availability_linux_project:heartbeat:2.0.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:high_availability_linux_project:heartbeat:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:high_availability_linux_project:heartbeat:2.0.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:high_availability_linux_project:heartbeat:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:high_availability_linux_project:heartbeat:2.0.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:high_availability_linux_project:heartbeat:2.0.6:*:*:*:*:*:*:*
CVE-2006-3121 https://nvd.nist.gov/vuln/detail/CVE-2006-3121
CVE-2006-3121;OSVDB-27955 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/28386.txt
CVE-2006-3121;OSVDB-27955 Exploit https://www.securityfocus.com/bid/19516/info
GLSA-200608-23 https://security.gentoo.org/glsa/200608-23
USN-335-1 https://usn.ubuntu.com/335-1/
Data source Exploit-DB
Date added Aug. 13, 2006
Description Linux-HA Heartbeat 2.0.6 - Remote Denial of Service
Ransomware campaign use Known
Source publication date Aug. 13, 2006
Exploit type dos
Platform linux
Source update date Sept. 19, 2013
Source URL https://www.securityfocus.com/bid/19516/info
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2006-3121
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.93060
EPSS Score 0.05439
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.