Lucene search

K
cve[email protected]CVE-2014-3688
HistoryNov 30, 2014 - 1:59 a.m.

CVE-2014-3688

2014-11-3001:59:00
CWE-399
web.nvd.nist.gov
78
cve-2014-3688
linux kernel
denial of service
sctp
memory consumption
nvd

7 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.376 Low

EPSS

Percentile

97.1%

The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association’s output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c.

References

7 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.376 Low

EPSS

Percentile

97.1%

Related for CVE-2014-3688