258 matches found
USN-5162-1 linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem-5.13, linux-oracle, linux-raspi vulnerabilities
Ilja Van Sprundel discovered that the SCTP implementation in the Linux kernel did not properly perform size validations on incoming packets in some situations. An attacker could possibly use this to expose sensitive information kernel memory. CVE-2021-3655 It was discovered that the AMD...
OESA-2021-1433 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packe...
kernel: Race condition in sctp_destroy_sock list_del
A use-after-free flaw was found in the Linux kernel's SCTP socket functionality that triggers a race condition. This flaw allows a local user to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...
The vulnerability of the WebRTC component in the Google Chrome web browser, related to the use of memory after it is freed, allows attackers to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the WebRTC component in the Google Chrome web browser is related to the use of memory after it is freed. Exploiting this vulnerability can allow a remote attacker to access confidential data, compromise its integrity, and cause service interruptions through a specially create...
PT-2022-4748 · Linux +7 · Linux Kernel +7
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw was found in the sctp make strreset req function in net/sctp/sm make chunk.c in the SCTP network protocol. This issue is related to an attempt to use more buffer than is...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel SCTP, where an attacker may be able to kill an existing SCTP association with an invalid block if the attacker knows the IP...
PT-2021-7751 · Linux +9 · Linux +9
Name of the Vulnerable Software and Affected Versions: Linux affected versions not specified Description: A flaw was found in the Linux SCTP stack, allowing a blind attacker to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being...
The vulnerability of Linux operating system kernels, related to deficiencies in input data validation, allows attackers to gain unauthorized access to protected information.
The vulnerability of Linux operating system kernels is related to deficiencies in the validation of input data during the processing of SCTP packets. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to protected information...
PT-2021-1518 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to v5.14-rc1 Description: The issue is related to insufficient input validation when handling SCTP packets, which may allow a remote attacker to gain unauthorized access to protected information. This could lead to...
Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk
Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet...
UBUNTU-CVE-2020-16044
Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet...
CVE-2020-5918
In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management Microkernel TMM may stop responding when processing Stream Control Transmission Protocol SCTP traffic when traffic volume is high. This vulnerability...
chromium-browser: Inappropriate implementation in WebRTC
Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream...
Google Chrome Code Execution Vulnerability (CNVD-2020-49886)
Google Chrome is a web browser from Google, Inc.SCTP is one of the Stream Control Transmission Protocols SCTP. A security vulnerability exists in SCTP in versions prior to Google Chrome 84.0.4147.105. An attacker can exploit the vulnerability to execute arbitrary code with the help of specially...
The vulnerability of the `sctp_load_addresses_from_init` function in the implementation of the USRCTP protocol, which supports multiple addresses, relates to reading beyond the buffer boundaries in memory. This allows a malicious actor to cause a service failure.
The vulnerability of the sctploadaddressesfrominit function in the implementation of the USCTCP protocol, which supports multiple addresses, is related to reading beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
usrsctp: Buffer overflow in AUTH chunk input validation
A flaw was found in Mozilla Firefox and Thunderbird. When parsing and validating SCTP chunks in WebRTC a memory buffer overflow could occur leading to memory corruption and an exploitable crash. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...
The vulnerability of the SCTP control protocol implementation in the StarOS operating system allows a attacker to induce a service failure.
The vulnerability of the SCTP control protocol implementation in the StarOS operating system exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
kernel: SCTP socket buffer memory leak leading to denial of service
The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack...
kernel: Missing length check of payload in net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of service
An error in the "sctpmakechunk" function net/sctp/smmakechunk.c when handling SCTP, packet length can be exploited by a malicious local user to cause a kernel crash and a DoS...
kernel: Missing length check of payload in net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of service
An error in the "sctpmakechunk" function net/sctp/smmakechunk.c when handling SCTP, packet length can be exploited by a malicious local user to cause a kernel crash and a DoS...