CVE-2026-37228

FlexRIC v2.0.0 is affected by a reachable assertion in e2ap_recv_sctp_msg() (src/lib/ep/e2ap_ep.c). The code allocates a fixed 32 KB receive buffer and asserts rc = 32,768 bytes to crash the near-RT RIC, iApp, E2 Agent, or xApp process via SIGABRT. All four SCTP endpoint types (ports 36421 and 36...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: SCTP: The comparison of MACs has been fixed to require constant-time operations. To prevent timing attacks, MACs need to be compared in constant-time. Use the appropriate helper functions for this purpose...

EUVD-2026-26352

Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can eventually result in a stack overflow and panic. Remote attackers can craft packets which cause affected systems to panic. This affects any system where pf is configured to process traffic, independent...

FreeBSD -- pf can overflow the stack parsing crafted SCTP packets

Problem Description: Incorrect packet validation allowed unbounded recursion parsing SCTP chunk parameters. This can eventually result in a stack overflow and panic. Impact: Remote attackers can craft packets which cause affected systems to panic. This affects any system where pf is configured to...

SUSE-SU-2026:20253-1 Security update for the Linux Kernel RT (Live Patch 10 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise kernel 6.4.0-34.1 fixes various security issues The following security issues were fixed: - CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in liotargetnaclinfoshow bsc1251787. - CVE-2025-38476: rpl: Fix use-after-free in rpldosrhinline bsc125120...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002248)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002248 advisory. The sctpassocupdate function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a deni...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-992514)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992514 advisory. In the Linux kernel, the following vulnerability has been resolved: sctp: check send stream number after waitforsndbuf This patch fixes a corner case where the asoc...

CVE-2019-25248

Beward N100 M2.1.6.04C014 is affected by an unauthenticated remote access vulnerability that lets an attacker retrieve the camera’s RTSP live stream without credentials. The issue is caused by lack of authentication in the video access mechanism, enabling direct RTSP stream access over the networ...

SUSE CVE-2023-53296

In the Linux kernel, the following vulnerability has been resolved: sctp: check send stream number after waitforsndbuf This patch fixes a corner case where the asoc out stream count may change after waitforsndbuf. When the main thread in the client starts a connection, if its out stream count is...

CVE-2024-32876 NewPipe has potential security vulnerability when importing settings

NewPipe is an Android app for video streaming written in Java. It supports exporting and importing backups, as a way to let users move their data to a new device effortlessly. However, in versions 0.13.4 through 0.26.1, importing a backup file from an untrusted source could have resulted in...

OESA-2023-1381 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: A memory corruption flaw was found in the Linux kernel’s human interface device HID subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the...

DEBIAN-CVE-2023-2177

A null pointer dereference issue was found in the sctp network protocol in net/sctp/streamsched.c in Linux Kernel. If streamin allocation is failed, streamout is freed which would further be accessed. A local user could use this flaw to crash the system or potentially cause a denial of service...

SUSE CVE-2011-4348

Race condition in the sctprcv function in net/sctp/input.c in the Linux kernel before 2.6.29 allows remote attackers to cause a denial of service system hang via SCTP packets. NOTE: in some environments, this issue exists because of an incomplete fix for CVE-2011-2482...

USN-5163-1 linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities

Ilja Van Sprundel discovered that the SCTP implementation in the Linux kernel did not properly perform size validations on incoming packets in some situations. An attacker could possibly use this to expose sensitive information kernel memory. CVE-2021-3655 It was discovered that the Option USB Hi...

FreeBSD Buffer Overflow Vulnerability (CNVD-2020-51503)

FreeBSD is a set of Unix-like operating systems from the FreeBSD Foundation. FreeBSD suffers from a buffer overflow vulnerability that can be exploited by an attacker to trigger a denial of service and code execution via an SCTP socket...

chromium-browser: Inappropriate implementation in WebRTC

Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream...

chromium-browser: Inappropriate implementation in WebRTC

Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream...

chromium-browser: Inappropriate implementation in WebRTC

Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream...

UBUNTU-CVE-2020-6514

Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream...

DEBIAN-CVE-2013-4350

The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel through 3.11.1 uses data structures and function calls that do not trigger an intended configuration of IPsec encryption, which allows remote attackers to obtain sensitive information by sniffing the network...