CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
98.9%
The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c.
Vendor | Product | Version | CPE |
---|---|---|---|
linux | linux_kernel | * | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
redhat | enterprise_linux | 5.0 | cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:* |
redhat | enterprise_mrg | 2.0 | cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:* |
canonical | ubuntu_linux | 12.04 | cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:* |
debian | debian_linux | 7.0 | cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* |
opensuse | evergreen | 11.4 | cpe:2.3:o:opensuse:evergreen:11.4:*:*:*:*:*:*:* |
suse | linux_enterprise_software_development_kit | 12 | cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:* |
suse | linux_enterprise_workstation_extension | 12 | cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:*:*:*:*:*:*:* |
suse | suse_linux_enterprise_server | 10 | cpe:2.3:o:suse:suse_linux_enterprise_server:10:sp4:*:*:ltss:*:*:* |
suse | suse_linux_enterprise_server | 11 | cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp1:*:*:ltss:*:*:* |
git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9de7922bc709eee2f609cd01d98aaedc4cf5ea74
linux.oracle.com/errata/ELSA-2014-3087.html
linux.oracle.com/errata/ELSA-2014-3088.html
linux.oracle.com/errata/ELSA-2014-3089.html
lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html
lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html
lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html
lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html
lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
marc.info/?l=bugtraq&m=142722450701342&w=2
marc.info/?l=bugtraq&m=142722544401658&w=2
rhn.redhat.com/errata/RHSA-2015-0062.html
rhn.redhat.com/errata/RHSA-2015-0115.html
secunia.com/advisories/62428
www.debian.org/security/2014/dsa-3060
www.securityfocus.com/bid/70883
www.ubuntu.com/usn/USN-2417-1
www.ubuntu.com/usn/USN-2418-1
bugzilla.redhat.com/show_bug.cgi?id=1147850
github.com/torvalds/linux/commit/9de7922bc709eee2f609cd01d98aaedc4cf5ea74
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
98.9%