Null pointer dereference

2014-03-1113:01:00

PRIOn knowledge base

www.prio-n.com

6.9 Medium

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.918 High

EPSS

Percentile

98.9%

JSON

The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk.

CPENameOperatorVersion
ubuntu_linuxeq10.04
big-ip_access_policy_managerge11.1.0
big-ip_access_policy_managerle11.5.3
big-ip_advanced_firewall_managerge11.3.0
big-ip_advanced_firewall_managerle11.5.3
big-ip_analyticsge11.1.0
big-ip_analyticsle11.5.3
big-ip_application_acceleration_managerge11.4.0
big-ip_application_acceleration_managerle11.5.3
big-ip_application_security_managerge11.1.0

Name	Operator	Version
ubuntu_linux	eq	10.04
big-ip_access_policy_manager	ge	11.1.0
big-ip_access_policy_manager	le	11.5.3
big-ip_advanced_firewall_manager	ge	11.3.0
big-ip_advanced_firewall_manager	le	11.5.3
big-ip_analytics	ge	11.1.0
big-ip_analytics	le	11.5.3
big-ip_application_acceleration_manager	ge	11.4.0
big-ip_application_acceleration_manager	le	11.5.3
big-ip_application_security_manager	ge	11.1.0