248 matches found

OSV
added 2021/01/08 12:0 a.m. | 0 views

UBUNTU-CVE-2020-16044

Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet...

CVSS 8.8 | AI score 7.3 | EPSS 0.01283
Exploits 0 | References 5

OSV
added 2020/08/26 3:15 p.m. | 3 views

CVE-2020-5918

In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management Microkernel (TMM) may stop responding when processing Stream Control Transmission Protocol (SCTP) traffic when traffic volume is high. This vulnerability...

CVSS 7.5 | AI score 7.1 | EPSS 0.01044
Exploits 0 | References 1

RedHat Linux
added 2020/08/10 6:40 a.m. | 1 views

chromium-browser: Inappropriate implementation in WebRTC

Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream...

CVSS 6.5 | AI score 7.3 | EPSS 0.0779
Exploits 6 | References 5

CNVD
added 2020/07/28 12:0 a.m. | 1 views

Google Chrome Code Execution Vulnerability (CNVD-2020-49886)

Google Chrome is a web browser from Google, Inc. SCTP is the Stream Control Transmission Protocol. A security vulnerability exists in SCTP in versions prior to Google Chrome 84.0.4147.105. An attacker can exploit the vulnerability to execute arbitrary code with the help of specially...

CVSS 8.8 | AI score 9.3 | EPSS 0.01294
Exploits 0 | References 1

BDU FSTEC
added 2020/05/07 12:0 a.m. | 4 views

The vulnerability of the `sctp_load_addresses_from_init` function in the implementation of the usrsctp protocol, which supports multiple addresses, relates to reading beyond the buffer boundaries in memory. This allows a malicious actor to cause a service failure.

The vulnerability of the `sctp_load_addresses_from_init` function in the implementation of the usrsctp protocol, which supports multiple addresses, is related to reading beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

CVSS 7.1 | AI score 7.2 | EPSS 0.03155
Exploits 1 | References 22 | Affected Software 12

RedHat Linux
added 2020/05/06 10:49 a.m. | 3 views

usrsctp: Buffer overflow in AUTH chunk input validation

A flaw was found in Mozilla Firefox and Thunderbird. When parsing and validating SCTP chunks in WebRTC a memory buffer overflow could occur leading to memory corruption and an exploitable crash. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

CVSS 9.8 | AI score 7.5 | EPSS 0.05803
Exploits 0 | References 5

BDU FSTEC
added 2020/02/17 12:0 a.m. | 7 views

The vulnerability of the SCTP control protocol implementation in the StarOS operating system allows an attacker to induce a service failure.

The vulnerability of the SCTP control protocol implementation in the StarOS operating system exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

CVSS 7.1 | AI score 6.5 | EPSS 0.01389
Exploits 0 | References 4 | Affected Software 1

RedHat Linux
added 2019/11/05 8:56 p.m. | 2 views

kernel: SCTP socket buffer memory leak leading to denial of service

The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack...

CVSS 6.5 | AI score 6.9 | EPSS 0.01771
Exploits 0 | References 6

RedHat Linux
added 2019/03/26 7:45 a.m. | 4 views

kernel: Missing length check of payload in net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of service

An error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packet length can be exploited by a malicious local user to cause a kernel crash and a DoS...

CVSS 5.5 | AI score 7.1 | EPSS 0.0055
Exploits 1 | References 4

RedHat Linux
added 2018/10/30 12:31 p.m. | 2 views

kernel: Missing length check of payload in net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of service

An error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packet length can be exploited by a malicious local user to cause a kernel crash and a DoS...

CVSS 5.5 | AI score 7.1 | EPSS 0.0055
Exploits 1 | References 4

RedHat Linux
added 2018/10/30 12:5 p.m. | 1 views

kernel: Missing length check of payload in net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of service

An error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packet length can be exploited by a malicious local user to cause a kernel crash and a DoS...

CVSS 5.5 | AI score 7.1 | EPSS 0.0055
Exploits 1 | References 4

RedHat Linux
added 2018/06/19 4:58 a.m. | 8 views

kernel: Missing length check of payload in net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of service

An error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packet length can be exploited by a malicious local user to cause a kernel crash and a DoS...

CVSS 5.5 | AI score 7.1 | EPSS 0.0055
Exploits 1 | References 4

OSV
added 2018/06/12 4:29 p.m. | 1 views

DEBIAN-CVE-2018-5803

In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packet length can be exploited to cause a kernel crash...

CVSS 5.5 | AI score 6.4 | EPSS 0.0055
Exploits 1 | References 1

OSV
added 2018/02/15 4:29 p.m. | 3 views

CVE-2017-15344

Huawei AR3200 with software V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30 has an integer overflow vulnerability. The software does not sufficiently validate certain fields in SCTP messages; a remote unauthenticated attacker coul...

CVSS 7.5 | AI score 5.8
Exploits 0 | References 1

OSV
added 2017/12/22 5:29 p.m. | 2 views

CVE-2017-15317

AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20,...

CVSS 7.5 | AI score 5.8 | EPSS 0.01314
Exploits 0 | References 1

CNVD
added 2017/11/30 12:0 a.m. | 2 views

Huawei AR3200 Integer Overflow Vulnerability

Huawei AR3200 Series Enterprise Router is a new generation of network products launched by Huawei. The Huawei AR3200 suffers from an integer overflow vulnerability, which is due to the device failing to adequately verify certain fields in SCTP messages. An attacker successfully exploited the...

CVSS 7.8 | AI score 7 | EPSS 0.01379
Exploits 0 | References 1

OSV
added 2017/04/25 2:46 a.m. | 8 views

USN-3266-2 linux-hwe vulnerability

USN-3266-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS. Alexander Popov discovered that a race condition existed in the Stream Control Transmission...

CVSS 7.1 | AI score 6.7 | EPSS 0.01162
Exploits 0 | References 2

OSV
added 2017/04/24 11:22 p.m. | 1 views

USN-3264-1 linux vulnerability

Alexander Popov discovered that a race condition existed in the Stream Control Transmission Protocol (SCTP) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash)...

CVSS 7.1 | AI score 6.7 | EPSS 0.01162
Exploits 0 | References 2

OSV
added 2017/03/01 8:59 p.m. | 1 views

DEBIAN-CVE-2017-6353

net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because...

CVSS 5.5 | AI score 5.7 | EPSS 0.00374
Exploits 0 | References 1

OSV
added 2017/02/03 7:40 a.m. | 1 views

USN-3188-1 linux vulnerability

Andrey Konovalov discovered that the SCTP implementation in the Linux kernel improperly handled validation of incoming data. A remote attacker could use this to cause a denial of service (system crash)...

CVSS 10 | AI score 6.7 | EPSS 0.09144
Exploits 0 | References 2