CVE-2016-9555

Опубликовано: 25 окт. 2016

Источник: redhat

CVSS3: 5.9

CVSS2: 7.1

EPSS Средний

Описание

The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data.

A flaw was found in the Linux kernel's implementation of the SCTP protocol. A remote attacker could trigger an out-of-bounds read with an offset of up to 64kB potentially causing the system to crash.

Отчет

This issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 5, 6, 7, MRG-2 and realtime and will be addressed in future updates.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	kernel	Affected
Red Hat Enterprise Linux 6	kernel	Fixed	RHSA-2017:0307	23.02.2017
Red Hat Enterprise Linux 7	kernel-rt	Fixed	RHSA-2017:0091	17.01.2017
Red Hat Enterprise Linux 7	kernel	Fixed	RHSA-2017:0086	17.01.2017
Red Hat Enterprise MRG 2	kernel-rt	Fixed	RHSA-2017:0113	17.01.2017

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-125

https://bugzilla.redhat.com/show_bug.cgi?id=1397930kernel: Slab out-of-bounds access in sctp_sf_ootb()

EPSS

Процентиль: 97%

0.32554

Средний

5.9 Medium

CVSS3

7.1 High

CVSS2

Связанные уязвимости

CVE-2016-9555

CVSS3: 9.8

ubuntu

больше 8 лет назад

CVE-2016-9555

CVSS3: 9.8

nvd

больше 8 лет назад

CVE-2016-9555

CVSS3: 9.8

debian

больше 8 лет назад

The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kern ...

GHSA-x329-xh53-wmqc

CVSS3: 9.8

github

около 3 лет назад

ELSA-2016-3652

oracle-oval

больше 8 лет назад

ELSA-2016-3652: Unbreakable Enterprise kernel security update (IMPORTANT)

EPSS

Процентиль: 97%

0.32554

Средний

5.9 Medium

CVSS3

7.1 High

CVSS2