kernel: sctp: skb_over_panic when receiving malformed ASCONF chunks

🗓️ 16 Dec 2014 19:12:55Reported by RedHatType

redhat

redhat🔗 access.redhat.com👁 1 Views

Linux kernel stream control protocol flaw allows remote attacker to crash the system via malformed ASCONF chunks.

Reporter	Title	Published	Views	Family All 199
BDU FSTEC	Vulnerabilities of the Red Hat Enterprise Linux operating system, which allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information	2 Jun 201500:00	–	bdu_fstec
BDU FSTEC	Vulnerabilities of the Red Hat Enterprise Linux operating system, which allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information	2 Jun 201500:00	–	bdu_fstec
BDU FSTEC	Vulnerabilities of the Red Hat Enterprise Linux operating system, which allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information	2 Jun 201500:00	–	bdu_fstec
BDU FSTEC	Vulnerabilities of the Red Hat Enterprise Linux operating system, which allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information	1 Jun 201500:00	–	bdu_fstec
BDU FSTEC	Vulnerabilities of the Red Hat Enterprise Linux operating system, which allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information	1 Jun 201500:00	–	bdu_fstec
Tenable Nessus	CentOS 7 : kernel (CESA-2014:1971)	15 Dec 201400:00	–	nessus
Tenable Nessus	CentOS 6 : kernel (CESA-2014:1997)	18 Dec 201400:00	–	nessus
Tenable Nessus	Debian DSA-3060-1 : linux - security update	3 Nov 201400:00	–	nessus
Tenable Nessus	EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1480)	13 May 201900:00	–	nessus
Tenable Nessus	EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1533)	14 May 201900:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	6	i686	kernel	0:2.6.32-504.3.3.el6	kernel-0:2.6.32-504.3.3.el6.i686.rpm
Red Hat Enterprise Linux	6	ppc64	kernel	0:2.6.32-504.3.3.el6	kernel-0:2.6.32-504.3.3.el6.ppc64.rpm
Red Hat Enterprise Linux	6	s390x	kernel	0:2.6.32-504.3.3.el6	kernel-0:2.6.32-504.3.3.el6.s390x.rpm
Red Hat Enterprise Linux	6	x86_64	kernel	0:2.6.32-504.3.3.el6	kernel-0:2.6.32-504.3.3.el6.x86_64.rpm
Red Hat Enterprise Linux	6	any	kernel-abi-whitelists	0:2.6.32-504.3.3.el6	kernel-abi-whitelists-0:2.6.32-504.3.3.el6.noarch.rpm
Red Hat Enterprise Linux	6	ppc64	kernel-bootwrapper	0:2.6.32-504.3.3.el6	kernel-bootwrapper-0:2.6.32-504.3.3.el6.ppc64.rpm
Red Hat Enterprise Linux	6	i686	kernel-debug	0:2.6.32-504.3.3.el6	kernel-debug-0:2.6.32-504.3.3.el6.i686.rpm
Red Hat Enterprise Linux	6	ppc64	kernel-debug	0:2.6.32-504.3.3.el6	kernel-debug-0:2.6.32-504.3.3.el6.ppc64.rpm
Red Hat Enterprise Linux	6	s390x	kernel-debug	0:2.6.32-504.3.3.el6	kernel-debug-0:2.6.32-504.3.3.el6.s390x.rpm
Red Hat Enterprise Linux	6	x86_64	kernel-debug	0:2.6.32-504.3.3.el6	kernel-debug-0:2.6.32-504.3.3.el6.x86_64.rpm

Source	Link
access	www.access.redhat.com/security/cve/CVE-2014-3673
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2014-3673
cve	www.cve.org/CVERecord

21 Nov 2025 17:51Current

6.7Medium risk

Vulners AI Score6.7

CVSS 3.17.5

CVSS 27.8

EPSS0.0912

linux kernel stream control protocol asconf chunks remote attacker system crash