Описание
net/sctp/sm_make_chunk.c in the Linux kernel before 2.6.34, when addip_enable and auth_enable are used, does not consider the amount of zero padding during calculation of chunk lengths for (1) INIT and (2) INIT ACK chunks, which allows remote attackers to cause a denial of service (OOPS) via crafted packet data.
Ссылки
- Broken Link
- Mailing ListPatchThird Party Advisory
- Mailing ListPatchThird Party Advisory
- Third Party Advisory
- ExploitIssue TrackingPatchThird Party Advisory
- Broken Link
- Mailing ListPatchThird Party Advisory
- Mailing ListPatchThird Party Advisory
- Third Party Advisory
- ExploitIssue TrackingPatchThird Party Advisory
Уязвимые конфигурации
EPSS
5.9 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
Связанные уязвимости
net/sctp/sm_make_chunk.c in the Linux kernel before 2.6.34, when addip_enable and auth_enable are used, does not consider the amount of zero padding during calculation of chunk lengths for (1) INIT and (2) INIT ACK chunks, which allows remote attackers to cause a denial of service (OOPS) via crafted packet data.
net/sctp/sm_make_chunk.c in the Linux kernel before 2.6.34, when addip_enable and auth_enable are used, does not consider the amount of zero padding during calculation of chunk lengths for (1) INIT and (2) INIT ACK chunks, which allows remote attackers to cause a denial of service (OOPS) via crafted packet data.
net/sctp/sm_make_chunk.c in the Linux kernel before 2.6.34, when addip ...
net/sctp/sm_make_chunk.c in the Linux kernel before 2.6.34, when addip_enable and auth_enable are used, does not consider the amount of zero padding during calculation of chunk lengths for (1) INIT and (2) INIT ACK chunks, which allows remote attackers to cause a denial of service (OOPS) via crafted packet data.
ELSA-2011-2015: Oracle Linux 6 Unbreakable Enterprise kernel security fix update (IMPORTANT)
EPSS
5.9 Medium
CVSS3
4.3 Medium
CVSS2