Lucene search
+L

258 matches found

OSV
OSV
added 2021/11/30 10:22 p.m.6 views

USN-5162-1 linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem-5.13, linux-oracle, linux-raspi vulnerabilities

Ilja Van Sprundel discovered that the SCTP implementation in the Linux kernel did not properly perform size validations on incoming packets in some situations. An attacker could possibly use this to expose sensitive information kernel memory. CVE-2021-3655 It was discovered that the AMD...

7.8CVSS6.9AI score0.00533EPSS
Exploits2References6
OSV
OSV
added 2021/11/19 11:3 a.m.12 views

OESA-2021-1433 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packe...

6.5CVSS5.9AI score0.0124EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2021/11/09 6:6 p.m.2 views

kernel: Race condition in sctp_destroy_sock list_del

A use-after-free flaw was found in the Linux kernel's SCTP socket functionality that triggers a race condition. This flaw allows a local user to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

7CVSS6.7AI score0.00482EPSS
Exploits1References5
BDU FSTEC
BDU FSTEC
added 2021/10/27 12:0 a.m.6 views

The vulnerability of the WebRTC component in the Google Chrome web browser, related to the use of memory after it is freed, allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the WebRTC component in the Google Chrome web browser is related to the use of memory after it is freed. Exploiting this vulnerability can allow a remote attacker to access confidential data, compromise its integrity, and cause service interruptions through a specially create...

8.8CVSS7.6AI score0.01102EPSS
Exploits1References11Affected Software5
Positive Technologies
Positive Technologies
added 2021/10/14 12:0 a.m.23 views

PT-2022-4748 · Linux +7 · Linux Kernel +7

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw was found in the sctp make strreset req function in net/sctp/sm make chunk.c in the SCTP network protocol. This issue is related to an attempt to use more buffer than is...

9.8CVSS7.5AI score0.89063EPSS
Exploits337References1612
CNNVD
CNNVD
added 2021/09/08 12:0 a.m.2 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel SCTP, where an attacker may be able to kill an existing SCTP association with an invalid block if the attacker knows the IP...

6.5CVSS6.7AI score0.0124EPSS
Exploits0References39
Positive Technologies
Positive Technologies
added 2021/09/08 12:0 a.m.29 views

PT-2021-7751 · Linux +9 · Linux +9

Name of the Vulnerable Software and Affected Versions: Linux affected versions not specified Description: A flaw was found in the Linux SCTP stack, allowing a blind attacker to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being...

9.8CVSS7.7AI score0.93838EPSS
Exploits350References1892
BDU FSTEC
BDU FSTEC
added 2021/08/06 12:0 a.m.4 views

The vulnerability of Linux operating system kernels, related to deficiencies in input data validation, allows attackers to gain unauthorized access to protected information.

The vulnerability of Linux operating system kernels is related to deficiencies in the validation of input data during the processing of SCTP packets. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to protected information...

3.3CVSS6.6AI score0.00308EPSS
Exploits0References28Affected Software4
Positive Technologies
Positive Technologies
added 2021/06/28 12:0 a.m.12 views

PT-2021-1518 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to v5.14-rc1 Description: The issue is related to insufficient input validation when handling SCTP packets, which may allow a remote attacker to gain unauthorized access to protected information. This could lead to...

9.8CVSS7.4AI score0.93838EPSS
Exploits338References1549
RedHat Linux
RedHat Linux
added 2021/01/11 1:54 p.m.2 views

Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk

Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet...

8.8CVSS7.4AI score0.01304EPSS
Exploits0References5
OSV
OSV
added 2021/01/08 12:0 a.m.2 views

UBUNTU-CVE-2020-16044

Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet...

8.8CVSS7.3AI score0.01304EPSS
Exploits0References5
OSV
OSV
added 2020/08/26 3:15 p.m.4 views

CVE-2020-5918

In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management Microkernel TMM may stop responding when processing Stream Control Transmission Protocol SCTP traffic when traffic volume is high. This vulnerability...

7.5CVSS7.1AI score0.01044EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2020/08/10 6:40 a.m.3 views

chromium-browser: Inappropriate implementation in WebRTC

Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream...

6.5CVSS7.3AI score0.0779EPSS
Exploits6References5
CNVD
CNVD
added 2020/07/28 12:0 a.m.2 views

Google Chrome Code Execution Vulnerability (CNVD-2020-49886)

Google Chrome is a web browser from Google, Inc.SCTP is one of the Stream Control Transmission Protocols SCTP. A security vulnerability exists in SCTP in versions prior to Google Chrome 84.0.4147.105. An attacker can exploit the vulnerability to execute arbitrary code with the help of specially...

8.8CVSS9.3AI score0.01294EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2020/05/07 12:0 a.m.6 views

The vulnerability of the `sctp_load_addresses_from_init` function in the implementation of the USRCTP protocol, which supports multiple addresses, relates to reading beyond the buffer boundaries in memory. This allows a malicious actor to cause a service failure.

The vulnerability of the sctploadaddressesfrominit function in the implementation of the USCTCP protocol, which supports multiple addresses, is related to reading beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

7.1CVSS7.2AI score0.03155EPSS
Exploits1References22Affected Software12
RedHat Linux
RedHat Linux
added 2020/05/06 10:49 a.m.5 views

usrsctp: Buffer overflow in AUTH chunk input validation

A flaw was found in Mozilla Firefox and Thunderbird. When parsing and validating SCTP chunks in WebRTC a memory buffer overflow could occur leading to memory corruption and an exploitable crash. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

9.8CVSS7.5AI score0.05803EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2020/02/17 12:0 a.m.13 views

The vulnerability of the SCTP control protocol implementation in the StarOS operating system allows a attacker to induce a service failure.

The vulnerability of the SCTP control protocol implementation in the StarOS operating system exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

7.1CVSS6.5AI score0.01389EPSS
Exploits0References4Affected Software1
RedHat Linux
RedHat Linux
added 2019/11/05 8:56 p.m.5 views

kernel: SCTP socket buffer memory leak leading to denial of service

The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack...

6.5CVSS6.9AI score0.01771EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2019/03/26 7:45 a.m.6 views

kernel: Missing length check of payload in net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of service

An error in the "sctpmakechunk" function net/sctp/smmakechunk.c when handling SCTP, packet length can be exploited by a malicious local user to cause a kernel crash and a DoS...

5.5CVSS7.1AI score0.0055EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2018/10/30 12:31 p.m.4 views

kernel: Missing length check of payload in net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of service

An error in the "sctpmakechunk" function net/sctp/smmakechunk.c when handling SCTP, packet length can be exploited by a malicious local user to cause a kernel crash and a DoS...

5.5CVSS7.1AI score0.0055EPSS
Exploits1References4
Rows per page
Query Builder