CVE-2011-2482

Опубликовано: 30 авг. 2011

Источник: redhat

CVSS2: 7.8

EPSS Низкий

Описание

A certain Red Hat patch to the sctp_sock_migrate function in net/sctp/socket.c in the Linux kernel before 2.6.21, as used in Red Hat Enterprise Linux (RHEL) 5, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted SCTP packet.

Отчет

This issue did not affect the Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not backport the upstream commit 3ab224be6d6. It did not affect the Linux kernels as shipped with Red Hat Enterprise Linux 6, and Red Hat Enterprise MRG as they have backported the upstream commit ea2bc483ff5 that Red Hat Enterprise Linux 5 did not. This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2011-1212.html.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 4	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise MRG 2	realtime-kernel	Not affected
Red Hat Enterprise Linux 5	kernel	Fixed	RHSA-2011:1212	06.09.2011
Red Hat Enterprise Linux 5.6 EUS - Server Only	kernel	Fixed	RHSA-2011:1813	13.12.2011

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-662->CWE-362->CWE-672->CWE-476

https://bugzilla.redhat.com/show_bug.cgi?id=714867kernel: sctp dos

EPSS

Процентиль: 78%

0.01166

Низкий

7.8 High

CVSS2

Связанные уязвимости

CVE-2011-2482

CVSS3: 7.5

ubuntu

около 12 лет назад

CVE-2011-2482

CVSS3: 7.5

nvd

около 12 лет назад

CVE-2011-2482

CVSS3: 7.5

debian

около 12 лет назад

A certain Red Hat patch to the sctp_sock_migrate function in net/sctp/ ...

GHSA-7jf9-hrfm-fhpj

CVSS3: 7.5

github

около 3 лет назад

ELSA-2011-1212

oracle-oval

почти 14 лет назад

ELSA-2011-1212: kernel security and bug fix update (IMPORTANT)

EPSS

Процентиль: 78%

0.01166

Низкий

7.8 High

CVSS2