Lucene search

K

RedhatCVELIST:CVE-2013-4350

HistorySep 25, 2013 - 10:00 a.m.

CVE-2013-4350

2013-09-2510:00:00

redhat

www.cve.org

2

6.2 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.8%

The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel through 3.11.1 uses data structures and function calls that do not trigger an intended configuration of IPsec encryption, which allows remote attackers to obtain sensitive information by sniffing the network.

References

git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=95ee62083cb6453e056562d91f597552021e6ae7

rhn.redhat.com/errata/RHSA-2013-1490.html

www.openwall.com/lists/oss-security/2013/09/13/3

www.ubuntu.com/usn/USN-2019-1

www.ubuntu.com/usn/USN-2021-1

www.ubuntu.com/usn/USN-2022-1

www.ubuntu.com/usn/USN-2024-1

www.ubuntu.com/usn/USN-2038-1

www.ubuntu.com/usn/USN-2039-1

www.ubuntu.com/usn/USN-2041-1

www.ubuntu.com/usn/USN-2045-1

www.ubuntu.com/usn/USN-2049-1

www.ubuntu.com/usn/USN-2050-1

bugzilla.redhat.com/show_bug.cgi?id=1007872

github.com/torvalds/linux/commit/95ee62083cb6453e056562d91f597552021e6ae7

6.2 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.8%

Related for CVELIST:CVE-2013-4350

f51 prion1 seebug1 cve1 nvd1 debiancve1 ubuntucve1 fedora34 nessus16 openvas84 ubuntu10 securityvulns4 veracode11 redhat1 mageia10 oraclelinux1