
CVSS: 7.5 | EPSS: 7% | CPEs: 4 | EXPL: 0

Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (deadlock) via a large number of small messages to a receiver application that cannot process the messages quickly enough, which leads to "spillover of the receive buffer."

References:
• http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7c3ceb4fb9667f34f1599a062efecf4cdc4a4ce5
• http://secunia.com/advisories/20716
• http://secunia.com/advisories/21465
• http://secunia.com/advisories/22417
• http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm
• http://www.redhat.com/support/errata/RHSA-2006-0575.html
• http://www.securityfocus.com/bid/17955
• http://www.trustix.org/errata/2006/0026
• http://www.ubuntu.com/usn/usn-302-1

CWE-667: Improper Locking

CVSS: 5.0 | EPSS: 19% | CPEs: 1 | EXPL: 0

Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (infinite recursion and crash) via a packet that contains two or more DATA fragments, which causes an skb pointer to refer back to itself when the full message is reassembled, leading to infinite recursion in the sctp_skb_pull function.

References:
• http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=672e7cca17ed6036a1756ed34cf20dbd72d5e5f6
• http://secunia.com/advisories/20237
• http://secunia.com/advisories/20398
• http://secunia.com/advisories/20671
• http://secunia.com/advisories/20716
• http://secunia.com/advisories/20914
• http://secunia.com/advisories/21045
• http://secunia.com/advisories/21476
• http://secunia.com/advisories/21745
• http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm

CVSS: 7.8 | EPSS: 21% | CPEs: 1 | EXPL: 0

Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (kernel panic) via incoming IP fragmented (1) COOKIE_ECHO and (2) HEARTBEAT SCTP control chunks.

References:
• http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0227.html
• http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=62b08083ec3dbfd7e533c8d230dd1d8191a6e813
• http://labs.musecurity.com/advisories/MU-200605-01.txt
• http://secunia.com/advisories/19990
• http://secunia.com/advisories/20157
• http://secunia.com/advisories/20237
• http://secunia.com/advisories/20398
• http://secunia.com/advisories/20671
• http://secunia.com/advisories/20716
• http://secunia.com/

CVSS: 7.8 | EPSS: 21% | CPEs: 10 | EXPL: 0

The ECNE chunk handling in Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (kernel panic) via an unexpected chunk when the session is in CLOSED state.

References:
• http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0227.html
• http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=35d63edb1c807bc5317e49592260e84637bc432e
• http://labs.musecurity.com/advisories/MU-200605-01.txt
• http://secunia.com/advisories/19990
• http://secunia.com/advisories/20157
• http://secunia.com/advisories/20237
• http://secunia.com/advisories/20398
• http://secunia.com/advisories/20671
• http://secunia.com/advisories/20716
• http://secunia.com/