// For flags

CVE-2006-2274

 

Severity Score

5.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (infinite recursion and crash) via a packet that contains two or more DATA fragments, which causes an skb pointer to refer back to itself when the full message is reassembled, leading to infinite recursion in the sctp_skb_pull function.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2006-05-09 CVE Reserved
  • 2006-05-09 CVE Published
  • 2023-07-05 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (25)
URL Tag Source
http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=672e7cca17ed6036a1756ed34cf20dbd72d5e5f6 X_refsource_confirm
http://secunia.com/advisories/20237 Third Party Advisory
http://secunia.com/advisories/20398 Third Party Advisory
http://secunia.com/advisories/20671 Third Party Advisory
http://secunia.com/advisories/20716 Third Party Advisory
http://secunia.com/advisories/20914 Third Party Advisory
http://secunia.com/advisories/21045 Third Party Advisory
http://secunia.com/advisories/21476 Third Party Advisory
http://secunia.com/advisories/21745 Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm X_refsource_confirm
http://www.osvdb.org/25746 Vdb Entry
http://www.securityfocus.com/bid/17955 Vdb Entry
http://www.vupen.com/english/advisories/2006/2554 Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/26432 Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9531 Signature
URL Date SRC
URL Date SRC
URL Date SRC
http://www.debian.org/security/2006/dsa-1097 2023-11-07
http://www.debian.org/security/2006/dsa-1103 2023-11-07
http://www.mandriva.com/security/advisories?name=MDKSA-2006:123 2023-11-07
http://www.mandriva.com/security/advisories?name=MDKSA-2006:150 2023-11-07
http://www.novell.com/linux/security/advisories/2006-05-31.html 2023-11-07
http://www.redhat.com/support/errata/RHSA-2006-0493.html 2023-11-07
http://www.trustix.org/errata/2006/0026 2023-11-07
http://www.ubuntu.com/usn/usn-302-1 2023-11-07
https://access.redhat.com/security/cve/CVE-2006-2274 2006-05-24
https://bugzilla.redhat.com/show_bug.cgi?id=1618096 2006-05-24
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Lksctp
Search vendor "Lksctp"
 Stream Control Transmission Protocol
Search vendor "Lksctp" for product "Stream Control Transmission Protocol"
 2.6.17
Search vendor "Lksctp" for product "Stream Control Transmission Protocol" and version "2.6.17"
-
Affected