258 matches found
wireshark: DoS (infinite loop) in the SCTP dissector (wnpa-sec-2012-33)
Integer overflow in the dissectsackchunk function in epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.8.x before 1.8.4 allows remote attackers to cause a denial of service infinite loop via a crafted Duplicate TSN count...
UBUNTU-CVE-2013-4350
The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel through 3.11.1 uses data structures and function calls that do not trigger an intended configuration of IPsec encryption, which allows remote attackers to obtain sensitive information by sniffing the network...
kernel: sctp: duplicate cookie handling NULL pointer dereference
The sctpsfdo524dupcook function in net/sctp/smstatefuns.c in the SCTP implementation in the Linux kernel before 3.8.5 does not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allows remote attackers to cause a denial of service NULL pointer dereference a...
DEBIAN-CVE-2013-2206
The sctpsfdo524dupcook function in net/sctp/smstatefuns.c in the SCTP implementation in the Linux kernel before 3.8.5 does not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allows remote attackers to cause a denial of service NULL pointer dereference a...
UBUNTU-CVE-2013-2206
The sctpsfdo524dupcook function in net/sctp/smstatefuns.c in the SCTP implementation in the Linux kernel before 3.8.5 does not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allows remote attackers to cause a denial of service NULL pointer dereference a...
UBUNTU-CVE-2012-6056
Integer overflow in the dissectsackchunk function in epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.8.x before 1.8.4 allows remote attackers to cause a denial of service infinite loop via a crafted Duplicate TSN count...
PT-2013-1396 · Red Hat +1 · Red Hat +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.21 Red Hat Enterprise Linux RHEL 5 Description: The issue is related to a certain Red Hat patch to the sctp sock migrate function in net/sctp/socket.c in the Linux kernel. It allows remote attackers to cause...
kernel: sctp: a race between ICMP protocol unreachable and connect()
Race condition in the sctpicmpprotounreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows remote attackers to cause a denial of service panic via an ICMP unreachable message to a socket that is already locked by a user, which causes the socket to be freed and...
kernel: sctp: do not reset the packet during sctp_packet_config
The sctppacketconfig function in net/sctp/output.c in the Linux kernel before 2.6.35.6 performs extraneous initializations of packet data structures, which allows remote attackers to cause a denial of service panic via a certain sequence of SCTP traffic...
kernel: sctp remote denial of service
The sctprcvootb function in the SCTP implementation in the Linux kernel before 2.6.23 allows remote attackers to cause a denial of service infinite loop via 1 an Out Of The Blue OOTB chunk or 2 a chunk of zero length...
kernel: sctp: memory overflow when FWD-TSN chunk is received with bad stream ID
Buffer overflow in net/sctp/smstatefuns.c in the Stream Control Transmission Protocol sctp implementation in the Linux kernel before 2.6.28-git8 allows remote attackers to have an unknown impact via an FWD-TSN aka FORWARD-TSN chunk with a large stream ID...
kernel: sctp: memory overflow when FWD-TSN chunk is received with bad stream ID
Buffer overflow in net/sctp/smstatefuns.c in the Stream Control Transmission Protocol sctp implementation in the Linux kernel before 2.6.28-git8 allows remote attackers to have an unknown impact via an FWD-TSN aka FORWARD-TSN chunk with a large stream ID...
kernel: sctp: memory overflow when FWD-TSN chunk is received with bad stream ID
Buffer overflow in net/sctp/smstatefuns.c in the Stream Control Transmission Protocol sctp implementation in the Linux kernel before 2.6.28-git8 allows remote attackers to have an unknown impact via an FWD-TSN aka FORWARD-TSN chunk with a large stream ID...
kernel: sctp: Fix oops when INIT-ACK indicates that peer doesn't support AUTH
sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause a denial of service OOPS via an INIT-ACK that states the peer does not support AUTH, which causes the sctpprocessinit function to clean up active transports and triggers the OOPS when the T1-Init timer expires...
kernel: sctp: Fix kernel panic while process protocol violation parameter
The Stream Control Transmission Protocol sctp implementation in the Linux kernel before 2.6.27 does not properly handle a protocol violation in which a parameter has an invalid length, which allows attackers to cause a denial of service panic via unspecified vectors, related to...
Linux kernel sctp_setsockopt_auth_key() integer overflow
Integer overflow in the sctpsetsockoptauthkey function in net/sctp/socket.c in the Stream Control Transmission Protocol sctp implementation in the Linux kernel 2.6.24-rc1 through 2.6.26.3 allows remote attackers to cause a denial of service panic or possibly have unspecified other impact via a...
kernel: sctp_getsockopt_hmac_ident information disclosure
The sctpgetsockopthmacident function in net/sctp/socket.c in the Stream Control Transmission Protocol sctp implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, relies on an untrusted length value to limit copying of data from kernel memory, which allows loc...
security flaw
Linux SCTP lksctp before 2.6.17 allows remote attackers to cause a denial of service deadlock via a large number of small messages to a receiver application that cannot process the messages quickly enough, which leads to "spillover of the receive buffer."...