Lucene search
+L

258 matches found

OSV
OSV
added 2025/05/07 10:15 p.m.5 views

CVE-2025-41399

When a Stream Control Transmission Protocol SCTP profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.7CVSS5.8AI score0.00352EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/07 12:0 a.m.4 views

F5 BIG-IP 安全漏洞

F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, and load balancing from F5 USA. A security vulnerability exists in F5 BIG-IP that stems from an SCTP configuration that results in increased memory resource utilization...

8.7CVSS7.8AI score0.00352EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2025/05/07 12:0 a.m.2 views

Avoid Using Uncommon Network Services

Some protocols are seldom used and their communities develop slowly. Therefore, related security issues cannot be quickly resolved. If these protocols are not disabled, attackers may exploit the protocols or code vulnerabilities to launch attacks. Stream Control Transmission Protocol SCTP is used...

7.4AI score
Exploits0References3
OSV
OSV
added 2025/05/05 9:36 p.m.27 views

CLSA-2025-1746479711 kernel-uek: Fix of 218 CVEs

sctp: sysctl: authenable: avoid using current-nsproxy - sctp: sysctl: cookiehmacalg: avoid using current-nsproxy CVE-2025-21640 - bpf: Use preemptcount directly in bpfsendsignalcommon - Revert "sctp: sysctl: cookiehmacalg: avoid using current-nsproxy" - jfs: fix slab-out-of-bounds read in eaget -...

8.8CVSS7AI score0.09117EPSS
Exploits3References1
SUSE CVE
SUSE CVE
added 2025/05/02 2:3 a.m.4 views

SUSE CVE-2025-23142

In the Linux kernel, the following vulnerability has been resolved: sctp: detect and prevent references to a freed transport in sendmsg sctpsendmsg re-uses associations and transports when possible by doing a lookup based on the socket endpoint and the message destination address, and then...

5.5CVSS7.5AI score0.00185EPSS
Exploits0References16
CNNVD
CNNVD
added 2025/05/01 12:0 a.m.5 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from sctp not clearing outcurr, which could lead to a list deletion error...

5.5CVSS5.1AI score0.00183EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/04/08 12:0 a.m.12 views

PT-2025-18396

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved, which could lead to a use-after-free read when sending messages using the sctp sendmsg function. This occurs when another thread...

7.8CVSS6.8AI score0.00185EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2025/03/27 12:0 a.m.10 views

The vulnerability of the sctp_sf_ootb() function in the net/sctp/sm_statefuns.c module of the Linux operating system allows a hacker to cause a service failure.

The vulnerability of the sctpsfootb function in the net/sctp/smstatefuns.c module of the Linux kernel is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to cause a service failure...

5.5CVSS6.7AI score0.00266EPSS
Exploits0References19Affected Software7
Microsoft CVE
Microsoft CVE
added 2025/03/14 7:0 a.m.6 views

sctp: sysctl: rto_min/max: avoid using current->nsproxy

...

5.5CVSS7.3AI score0.00224EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2025/02/24 12:0 a.m.6 views

The vulnerability of the sctp component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the sctp component in the Linux operating system’s kernel is related to the assignment of the NULL pointer. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.5CVSS6.5AI score0.00226EPSS
Exploits0References41Affected Software7
AstraLinux
AstraLinux
added 2025/02/11 7:35 a.m.7 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: SCTP: Set skstate back to CLOSED if autobind fails in sctplistenstart. In sctplistenstart called by sctpinetlisten, it should set skstate back to CLOSED if sctpautobind fails for any reason. Otherwise, the next time...

5.5CVSS6.4AI score0.00277EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/01/21 12:0 a.m.5 views

PT-2025-2383

Name of the Vulnerable Software and Affected Versions: OpenAirInterface CN5G AMF oai-cn5g-amf versions up to v2.0.0 Description: The issue is related to improper file descriptor handling for closed connections, which allows attackers to cause a Denial of Service DoS by repeatedly establishing SCT...

7.5CVSS5.9AI score0.0041EPSS
Exploits0References7
OSV
OSV
added 2025/01/19 11:15 a.m.1 views

DEBIAN-CVE-2025-21637

In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: udpport: avoid using current-nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the...

5.5CVSS5.6AI score0.00207EPSS
Exploits0References1
OSV
OSV
added 2025/01/19 11:15 a.m.1 views

DEBIAN-CVE-2025-21638

In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: authenable: avoid using current-nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the...

5.5CVSS5.6AI score0.00229EPSS
Exploits0References1
OSV
OSV
added 2025/01/19 11:15 a.m.10 views

DEBIAN-CVE-2025-21636

In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: plpmtudprobeinterval: avoid using current-nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info fro...

5.5CVSS5.6AI score0.00207EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/01/13 12:0 a.m.7 views

The vulnerability of the sctp_v6_available() function in the net/sctp/ipv6.c module of the Linux operating system’s SCTP protocol implementation allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the sctpv6available function in the net/sctp/ipv6.c module of the Linux operating system’s SCTP protocol implementation is related to the reutilization of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality,...

7.8CVSS7.2AI score0.00214EPSS
Exploits0References12Affected Software4
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.5 views

PT-2025-37957

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw was discovered in the Linux kernel related to the initialization of fields within the sctp v6 from sk function in the SCTP Stream Control Transmission Protocol implementation...

5.5CVSS6.1AI score0.0016EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/12/12 8:0 a.m.3 views

sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start

...

5.5CVSS6.8AI score0.00277EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/12/12 8:0 a.m.5 views

sctp: properly validate chunk size in sctp_sf_ootb()

...

5.5CVSS6.8AI score0.00266EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2024/11/19 3:48 a.m.3 views

SUSE CVE-2024-50299

In the Linux kernel, the following vulnerability has been resolved: sctp: properly validate chunk size in sctpsfootb A size validation fix similar to that in Commit 50619dbf8db7 "sctp: add size validation when walking chunks" is also required in sctpsfootb to address a crash reported by syzbot:...

6.5CVSS7.6AI score0.00266EPSS
Exploits0References18
Rows per page
Query Builder