CVE-2019-8956

Опубликовано: 01 апр. 2019

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the "sctp_sendmsg()" function (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited to corrupt memory.

Ссылки

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.21
Release Notes
Vendor Advisory
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.8
Release Notes
Vendor Advisory
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=ba59fb0273076637f0add4311faa990a5eec27c0
Mailing List
Patch
Vendor Advisory
https://secuniaresearch.flexerasoftware.com/secunia_research/2019-5/
Broken Link
https://support.f5.com/csp/article/K12671141
Third Party Advisory
https://usn.ubuntu.com/3930-1/
Third Party Advisory
https://usn.ubuntu.com/3930-2/
Third Party Advisory
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.21
Release Notes
Vendor Advisory
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.8
Release Notes
Vendor Advisory
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=ba59fb0273076637f0add4311faa990a5eec27c0
Mailing List
Patch
Vendor Advisory
https://secuniaresearch.flexerasoftware.com/secunia_research/2019-5/
Broken Link
https://support.f5.com/csp/article/K12671141
Third Party Advisory
https://usn.ubuntu.com/3930-1/
Third Party Advisory
https://usn.ubuntu.com/3930-2/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.17 (включая) до 4.19.21 (исключая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.20 (включая) до 4.20.8 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

EPSS

Процентиль: 78%

0.01142

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-416

Связанные уязвимости

CVE-2019-8956

CVSS3: 7.8

ubuntu

почти 7 лет назад

In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the "sctp_sendmsg()" function (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited to corrupt memory.

CVE-2019-8956

CVSS3: 7.8

redhat

почти 7 лет назад

In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the "sctp_sendmsg()" function (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited to corrupt memory.

CVE-2019-8956

CVSS3: 7.8

debian

почти 7 лет назад

In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-fre ...

GHSA-6647-2gmj-c8h8

CVSS3: 7.8

github

больше 3 лет назад

In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the "sctp_sendmsg()" function (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited to corrupt memory.

BDU:2019-01183

CVSS3: 7.8

fstec

около 7 лет назад

Уязвимость реализации протокола SCTP ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии

EPSS

Процентиль: 78%

0.01142

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-416