439 matches found
PT-2022-4748 · Linux +7 · Linux Kernel +7
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw was found in the `sctp_make_strreset_req` function in `net/sctp/sm_make_chunk.c` in the SCTP network protocol. This issue is related to an attempt to use more buffer than is...
Linux kernel Security Vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel SCTP, where an attacker may be able to kill an existing SCTP association with an invalid block if the attacker knows the IP...
PT-2021-7751 · Linux +9 · Linux +9
Name of the Vulnerable Software and Affected Versions: Linux (affected versions not specified). Description: A flaw was found in the Linux SCTP stack, allowing a blind attacker to kill an existing SCTP association through invalid chunks if the attacker knows the IP addresses and port numbers being...
The vulnerability of Linux operating system kernels, related to deficiencies in input data validation, allows attackers to gain unauthorized access to protected information.
The vulnerability of Linux operating system kernels is related to deficiencies in the validation of input data during the processing of SCTP packets. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to protected information...
PT-2021-1518 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to v5.14-rc1. Description: The issue is related to insufficient input validation when handling SCTP packets, which may allow a remote attacker to gain unauthorized access to protected information. This could lead to...
USN-5003-1 linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. (CVE-2021-3609) It was discovered that the eBPF implementation in the Linux kernel...
The vulnerability of the component of the software framework for transmitting real-time streaming video and audio via WebRTC in the Intel Collaboration Suite, which allows attackers to escalate their privileges.
The vulnerability of the component of the software framework for transmitting real-time streaming video and audio in the Intel Collaboration Suite for WebRTC is related to inadequate control of data streams. Exploiting this vulnerability can allow a malicious actor to escalate their privileges...
Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk
Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet...
USN-4687-1 firefox vulnerability
A use-after-free was discovered in Firefox when handling SCTP packets. An attacker could potentially exploit this to cause a denial of service, or execute arbitrary code...
UBUNTU-CVE-2020-16044
Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet...
DEBIAN-CVE-2020-6532
Use after free in SCTP in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2020-5918
In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management Microkernel (TMM) may stop responding when processing Stream Control Transmission Protocol (SCTP) traffic when traffic volume is high. This vulnerability...
chromium-browser: Inappropriate implementation in WebRTC
Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream...
Google Chrome Code Execution Vulnerability (CNVD-2020-49886)
Google Chrome is a web browser from Google, Inc. SCTP is the Stream Control Transmission Protocol. A security vulnerability exists in SCTP in versions prior to Google Chrome 84.0.4147.105. An attacker can exploit the vulnerability to execute arbitrary code with the help of specially...
FreeBSD Resource Management Error Vulnerability
FreeBSD is a set of Unix-like operating systems from the FreeBSD Foundation. A resource management error vulnerability in FreeBSD versions prior to 12.1-STABLE r352509, prior to 11.3-STABLE r352509, and prior to 11.3-RELEASE p9, which stems from a failure of the SCTP layer to properly check when ...
The vulnerability of the `sctp_load_addresses_from_init` function in the implementation of the usrsctp protocol, which supports multiple addresses, relates to reading beyond the buffer boundaries in memory. This allows a malicious actor to cause a service failure.
The vulnerability of the `sctp_load_addresses_from_init` function in the implementation of the usrsctp protocol, which supports multiple addresses, is related to reading beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
usrsctp: Buffer overflow in AUTH chunk input validation
A flaw was found in Mozilla Firefox and Thunderbird. When parsing and validating SCTP chunks in WebRTC a memory buffer overflow could occur leading to memory corruption and an exploitable crash. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...
The vulnerability of the SCTP control protocol implementation in the StarOS operating system allows an attacker to induce a service failure.
The vulnerability of the SCTP control protocol implementation in the StarOS operating system exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
Cisco Mobility Management Entity SCTP Denial of Service Vulnerability
Cisco Mobility Management Entity is a Cisco mobility management solution. Cisco Mobility Management Entity has an input validation flaw in its handling of SCTP, which can be exploited by a remote attacker who submits a specially crafted SCTP communication to crash the application and cause a denial of service...