CVE-2005-3806

Name: CVE-2005-3806
Creator: NVD / NIST
Published: 2005-11-25T21:03:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.44%

Last modified Jun 16, 2026

CVE-2005-3806 is a vulnerability of currently unknown severity. The IPv6 flow label handling code (ip6_flowlabel.c) in Linux kernels 2.4 up to 2.4.32 and 2.6 before 2.6.14 modifies the wrong variable in certain circumstances, which allows local users to corrupt kernel memory or cause a denial of service (crash) by triggering a free of non-allocated memory.. EPSS estimates a 0.44% chance of exploitation in the next 30 days.

Description

The IPv6 flow label handling code (ip6_flowlabel.c) in Linux kernels 2.4 up to 2.4.32 and 2.6 before 2.6.14 modifies the wrong variable in certain circumstances, which allows local users to corrupt kernel memory or cause a denial of service (crash) by triggering a free of non-allocated memory.

Metrics

EPSS Probability

0.44%

35.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-399

Affected Software

Vendor	Product	Versions	Update
Linux	Linux Kernel	2.4.0	—
Linux	Linux Kernel	2.4.1	—
Linux	Linux Kernel	2.4.2	—
Linux	Linux Kernel	2.4.3	—
Linux	Linux Kernel	2.4.10	—
Linux	Linux Kernel	2.4.11	—
Linux	Linux Kernel	2.4.12	—
Linux	Linux Kernel	2.4.13	—
Linux	Linux Kernel	2.4.14	—
Linux	Linux Kernel	2.4.15	—
Linux	Linux Kernel	2.4.16	—
Linux	Linux Kernel	2.4.17	—
Linux	Linux Kernel	2.4.18	—
Linux	Linux Kernel	2.4.19	—
Linux	Linux Kernel	2.4.20	—
Linux	Linux Kernel	2.4.21	—
Linux	Linux Kernel	2.4.22	—
Linux	Linux Kernel	2.4.23	—
Linux	Linux Kernel	2.4.23_ow2	—
Linux	Linux Kernel	2.4.24	—
Linux	Linux Kernel	2.4.24_ow1	—
Linux	Linux Kernel	2.4.25	—
Linux	Linux Kernel	2.4.26	—
Linux	Linux Kernel	2.4.27	—
Linux	Linux Kernel	2.4.28	—
Linux	Linux Kernel	2.4.29	—
Linux	Linux Kernel	2.4.30	—
Linux	Linux Kernel	2.4.31	—
Linux	Linux Kernel	2.4.32	—
Linux	Linux Kernel	2.6.0	—
Linux	Linux Kernel	2.6.1	—
Linux	Linux Kernel	2.6.2	—
Linux	Linux Kernel	2.6.3	—
Linux	Linux Kernel	2.6.4	—
Linux	Linux Kernel	2.6.5	—
Linux	Linux Kernel	2.6.6	—
Linux	Linux Kernel	2.6.7	—
Linux	Linux Kernel	2.6.8	—
Linux	Linux Kernel	2.6.8.1	—
Linux	Linux Kernel	2.6.9	2.6.20
Linux	Linux Kernel	2.6.10	—
Linux	Linux Kernel	2.6.11	—
Linux	Linux Kernel	2.6.11.1	—
Linux	Linux Kernel	2.6.11.2	—
Linux	Linux Kernel	2.6.11.3	—
Linux	Linux Kernel	2.6.11.4	—
Linux	Linux Kernel	2.6.11.5	—
Linux	Linux Kernel	2.6.11.6	—
Linux	Linux Kernel	2.6.11.7	—
Linux	Linux Kernel	2.6.11.8	—

Showing 50 of 61 affected configurations. See NVD for the full list.

References

http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=blobdiff%3Bh=bbbe80cdaf72a75a463aff9551e60b31e2f69061%3Bhp=f841bde30c18493a94fd5d522b84724a8eb82a4a%3Bhb=4ea6a8046bb49d43c950898f0cb4e1994ef6c89d%3Bf=net/ipv6/ip6_flowlabel.c
http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4ea6a8046bb49d43c950898f0cb4e1994ef6c89d
http://secunia.com/advisories/17917Patch, Vendor Advisory
http://secunia.com/advisories/17918Patch, Vendor Advisory
http://secunia.com/advisories/18203Patch, Vendor Advisory
http://secunia.com/advisories/18510Patch, Vendor Advisory
http://secunia.com/advisories/18562Patch, Vendor Advisory
http://secunia.com/advisories/18684Patch, Vendor Advisory
http://secunia.com/advisories/18977Patch, Vendor Advisory
http://secunia.com/advisories/19369Patch, Vendor Advisory
http://secunia.com/advisories/19374Patch, Vendor Advisory
http://www.debian.org/security/2006/dsa-1017Patch, Vendor Advisory
http://www.debian.org/security/2006/dsa-1018Patch, Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:018
http://www.mandriva.com/security/advisories?name=MDKSA-2006:072
http://www.redhat.com/support/errata/RHSA-2006-0101.html
http://www.redhat.com/support/errata/RHSA-2006-0140.html
http://www.redhat.com/support/errata/RHSA-2006-0190.html
http://www.redhat.com/support/errata/RHSA-2006-0191.html
http://www.securityfocus.com/advisories/9806
http://www.securityfocus.com/archive/1/419522/100/0/threaded
http://www.securityfocus.com/archive/1/427981/100/0/threaded
http://www.securityfocus.com/archive/1/428028/100/0/threaded
http://www.securityfocus.com/archive/1/428058/100/0/threaded
http://www.securityfocus.com/bid/15729
http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:044Patch, Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9903
https://usn.ubuntu.com/231-1/
http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=blobdiff%3Bh=bbbe80cdaf72a75a463aff9551e60b31e2f69061%3Bhp=f841bde30c18493a94fd5d522b84724a8eb82a4a%3Bhb=4ea6a8046bb49d43c950898f0cb4e1994ef6c89d%3Bf=net/ipv6/ip6_flowlabel.c
http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4ea6a8046bb49d43c950898f0cb4e1994ef6c89d
http://secunia.com/advisories/17917Patch, Vendor Advisory
http://secunia.com/advisories/17918Patch, Vendor Advisory
http://secunia.com/advisories/18203Patch, Vendor Advisory
http://secunia.com/advisories/18510Patch, Vendor Advisory
http://secunia.com/advisories/18562Patch, Vendor Advisory
http://secunia.com/advisories/18684Patch, Vendor Advisory
http://secunia.com/advisories/18977Patch, Vendor Advisory
http://secunia.com/advisories/19369Patch, Vendor Advisory
http://secunia.com/advisories/19374Patch, Vendor Advisory
http://www.debian.org/security/2006/dsa-1017Patch, Vendor Advisory
http://www.debian.org/security/2006/dsa-1018Patch, Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:018
http://www.mandriva.com/security/advisories?name=MDKSA-2006:072
http://www.redhat.com/support/errata/RHSA-2006-0101.html
http://www.redhat.com/support/errata/RHSA-2006-0140.html
http://www.redhat.com/support/errata/RHSA-2006-0190.html
http://www.redhat.com/support/errata/RHSA-2006-0191.html
http://www.securityfocus.com/advisories/9806
http://www.securityfocus.com/archive/1/419522/100/0/threaded
http://www.securityfocus.com/archive/1/427981/100/0/threaded
http://www.securityfocus.com/archive/1/428028/100/0/threaded
http://www.securityfocus.com/archive/1/428058/100/0/threaded
http://www.securityfocus.com/bid/15729
http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:044Patch, Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9903
https://usn.ubuntu.com/231-1/

Timeline

Published: Nov 25, 2005
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2005-3806?

How severe is CVE-2005-3806?

Severity scoring for CVE-2005-3806 is pending analysis. The EPSS model estimates a 0.44% probability of exploitation in the next 30 days.

How do I fix CVE-2005-3806?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2005-3806?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST