AI Score: 6.4 Medium (Confidence: Low)

CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |

EPSS: 0.197 Low (Percentile: 96.3%)

Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (infinite recursion and crash) via a packet that contains two or more DATA fragments, which causes an skb pointer to refer back to itself when the full message is reassembled, leading to infinite recursion in the sctp_skb_pull function.
CPE | Name | Operator | Version |
---|---|---|---|
lksctp:stream_control_transmission_protocol | lksctp stream control transmission protocol | eq | 2.6.17 |
git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=672e7cca17ed6036a1756ed34cf20dbd72d5e5f6
secunia.com/advisories/20237
secunia.com/advisories/20398
secunia.com/advisories/20671
secunia.com/advisories/20716
secunia.com/advisories/20914
secunia.com/advisories/21045
secunia.com/advisories/21476
secunia.com/advisories/21745
support.avaya.com/elmodocs2/security/ASA-2006-161.htm
www.debian.org/security/2006/dsa-1097
www.debian.org/security/2006/dsa-1103
www.mandriva.com/security/advisories?name=MDKSA-2006:123
www.mandriva.com/security/advisories?name=MDKSA-2006:150
www.novell.com/linux/security/advisories/2006-05-31.html
www.osvdb.org/25746
www.redhat.com/support/errata/RHSA-2006-0493.html
www.securityfocus.com/bid/17955
www.trustix.org/errata/2006/0026
www.ubuntu.com/usn/usn-302-1
www.vupen.com/english/advisories/2006/2554
exchange.xforce.ibmcloud.com/vulnerabilities/26432
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9531