CVE

CVE-2009-0778

The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of an ICMP Host Unreachable message, which allows remote attackers to cause a denial of service (connectivity outage) by sending a large series of packets to many destination IP addresses within this REJECT route, related to an "rt_cache leak."

View access options View sample report Ask about this record

What this profile means

This public preview summarizes the normalized record without exposing paid citation paths. Use it to decide whether the device deserves a paid report, workspace review, or direct source verification.

Record typedevice

CategoryCVE

StatusNVD CVE record

Confidence90

CVECVE-2009-0778

Source coverage preview

Public pages show source names and record counts. Paid reports unlock source URLs, citation paths, and report-generation context.

Source rows checked2

Max source confidence90

Latest source observationMay 18, 2026

CitationsLocked in paid report

NIST NVD CVE API

Paid report value

Device/security signal snapshot
Known exploited and exploitability interpretation where available
Remediation and inventory-mapping checklist
Locked source citations and monitoring path

For records that need deeper review, use the main access flow to request source-backed report context, saved workspace review, or support before relying on the public preview.

View access options View sample report Contact support

Methodology and limits

Source-backed, but still worth verifying for high-impact use.

Security records are triage intelligence and should be validated against asset inventory, firmware versions, compensating controls, and vendor advisories.

For security teams

Prioritize known exploited and high-confidence records.

For buyers

Check support and vulnerability signals before purchase.

For MSPs

Use reports and monitors for customer device review.

Questions to ask before relying on this record

What official source published this signal, and when was it last observed?
Does the record still match the current operating, legal, safety, or source context?
Are there related records under another name, jurisdiction, model, address, sponsor, or identifier?
Does this decision need human QA before money, safety, care, legal, or operational action?

Paid reports include citation paths and report-generation context; public previews intentionally hide source URLs.