kernel: sctp: memory overflow when FWD-TSN chunk is received with bad stream ID

Buffer overflow in net/sctp/smstatefuns.c in the Stream Control Transmission Protocol sctp implementation in the Linux kernel before 2.6.28-git8 allows remote attackers to have an unknown impact via an FWD-TSN aka FORWARD-TSN chunk with a large stream ID...

kernel: sctp: memory overflow when FWD-TSN chunk is received with bad stream ID

Buffer overflow in net/sctp/smstatefuns.c in the Stream Control Transmission Protocol sctp implementation in the Linux kernel before 2.6.28-git8 allows remote attackers to have an unknown impact via an FWD-TSN aka FORWARD-TSN chunk with a large stream ID...

kernel: sctp: memory overflow when FWD-TSN chunk is received with bad stream ID

Buffer overflow in net/sctp/smstatefuns.c in the Stream Control Transmission Protocol sctp implementation in the Linux kernel before 2.6.28-git8 allows remote attackers to have an unknown impact via an FWD-TSN aka FORWARD-TSN chunk with a large stream ID...

kernel: sctp: Fix oops when INIT-ACK indicates that peer doesn't support AUTH

sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause a denial of service OOPS via an INIT-ACK that states the peer does not support AUTH, which causes the sctpprocessinit function to clean up active transports and triggers the OOPS when the T1-Init timer expires...

kernel: sctp: Fix kernel panic while process protocol violation parameter

The Stream Control Transmission Protocol sctp implementation in the Linux kernel before 2.6.27 does not properly handle a protocol violation in which a parameter has an invalid length, which allows attackers to cause a denial of service panic via unspecified vectors, related to...

kernel: sctp_getsockopt_hmac_ident information disclosure

The sctpgetsockopthmacident function in net/sctp/socket.c in the Stream Control Transmission Protocol sctp implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, relies on an untrusted length value to limit copying of data from kernel memory, which allows loc...

Linux kernel sctp_setsockopt_auth_key() integer overflow

Integer overflow in the sctpsetsockoptauthkey function in net/sctp/socket.c in the Stream Control Transmission Protocol sctp implementation in the Linux kernel 2.6.24-rc1 through 2.6.26.3 allows remote attackers to cause a denial of service panic or possibly have unspecified other impact via a...

security flaw

Linux SCTP lksctp before 2.6.17 allows remote attackers to cause a denial of service deadlock via a large number of small messages to a receiver application that cannot process the messages quickly enough, which leads to "spillover of the receive buffer."...