4 matches found
CVE-2026-53224
In the Linux kernel, the following vulnerability has been resolved: sctp: validate embedded INIT chunk and address list lengths in cookie sctpunpackcookie only checked that the embedded INIT chunk length did not exceed the remaining cookie payload, but did not ensure that the INIT chunk is large...
UBUNTU-CVE-2026-53246
In the Linux kernel, the following vulnerability has been resolved: sctp: validate cached peer INIT chunk length in COOKIEECHO processing When a listening SCTP server processes a COOKIEECHO chunk, the cached peer INIT chunk embedded after the cookie is parsed and its parameters are later walked b...
CVE-2026-53224
The vulnerability CVE-2026-53224 affects the Linux kernel SCTP implementation. The issue arises from insufficient validation of embedded INIT chunks and address list lengths in cookies: sctp_unpack_cookie() may accept a truncated INIT chunk, and the subsequent sctp_process_init() could read INIT ...
kernel: sctp: fix to calc the INIT/INIT-ACK chunk length correctly to set
net/sctp/smmakechunk.c in the Linux kernel before 2.6.34, when addipenable and authenable are used, does not consider the amount of zero padding during calculation of chunk lengths for 1 INIT and 2 INIT ACK chunks, which allows remote attackers to cause a denial of service OOPS via crafted packet...