CVE-2006-3121

Name: CVE-2006-3121
Creator: NVD / NIST
Published: 2006-08-17T01:04:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 12.59%

Last modified Jun 16, 2026

CVE-2006-3121 is a vulnerability of currently unknown severity. The peel_netstring function in cl_netstring.c in the heartbeat subsystem in High-Availability Linux before 1.2.5, and 2.0 before 2.0.7, allows remote attackers to cause a denial of service (crash) via the length parameter in a heartbeat message.. EPSS estimates a 12.59% chance of exploitation in the next 30 days.

Description

The peel_netstring function in cl_netstring.c in the heartbeat subsystem in High-Availability Linux before 1.2.5, and 2.0 before 2.0.7, allows remote attackers to cause a denial of service (crash) via the length parameter in a heartbeat message.

Metrics

EPSS Probability

12.59%

95.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-399

Affected Software

Vendor	Product	Versions
High Availability Linux Project	Heartbeat	1.2.3
High Availability Linux Project	Heartbeat	1.2.4
High Availability Linux Project	Heartbeat	2.0.1
High Availability Linux Project	Heartbeat	2.0.2
High Availability Linux Project	Heartbeat	2.0.3
High Availability Linux Project	Heartbeat	2.0.4
High Availability Linux Project	Heartbeat	2.0.5
High Availability Linux Project	Heartbeat	2.0.6

References

http://secunia.com/advisories/21505Vendor Advisory
http://secunia.com/advisories/21511Vendor Advisory
http://secunia.com/advisories/21518Vendor Advisory
http://secunia.com/advisories/21521Vendor Advisory
http://secunia.com/advisories/21629Vendor Advisory
http://security.gentoo.org/glsa/glsa-200608-23.xml
http://www.debian.org/security/2006/dsa-1151Patch
http://www.linux-ha.org/SecurityIssuesPatch
http://www.linux-ha.org/_cache/SecurityIssues__sec03.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2006:142
http://www.securityfocus.com/bid/19516Patch
http://www.ubuntu.com/usn/usn-335-1
http://www.vupen.com/english/advisories/2006/3288Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/28396
http://secunia.com/advisories/21505Vendor Advisory
http://secunia.com/advisories/21511Vendor Advisory
http://secunia.com/advisories/21518Vendor Advisory
http://secunia.com/advisories/21521Vendor Advisory
http://secunia.com/advisories/21629Vendor Advisory
http://security.gentoo.org/glsa/glsa-200608-23.xml
http://www.debian.org/security/2006/dsa-1151Patch
http://www.linux-ha.org/SecurityIssuesPatch
http://www.linux-ha.org/_cache/SecurityIssues__sec03.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2006:142
http://www.securityfocus.com/bid/19516Patch
http://www.ubuntu.com/usn/usn-335-1
http://www.vupen.com/english/advisories/2006/3288Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/28396

Timeline

Published: Aug 17, 2006
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2006-3121?

How severe is CVE-2006-3121?

Severity scoring for CVE-2006-3121 is pending analysis. The EPSS model estimates a 12.59% probability of exploitation in the next 30 days.

How do I fix CVE-2006-3121?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2006-3121?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST