CVE-2026-53224

A flaw was found in the Linux kernel's Stream Control Transmission Protocol SCTP implementation. Specifically, improper validation of embedded INIT chunk and address list lengths in SCTP cookies could allow a remote attacker to trigger out-of-bounds reads. This could lead to information disclosur...

EUVD-2026-39197

In the Linux kernel, the following vulnerability has been resolved: sctp: validate cached peer INIT chunk length in COOKIEECHO processing When a listening SCTP server processes a COOKIEECHO chunk, the cached peer INIT chunk embedded after the cookie is parsed and its parameters are later walked b...

CVE-2026-53246

CVE-2026-53246 affects the Linux kernel SCTP implementation. When a listening SCTP server processes a COOKIE_ECHO chunk, a cached peer INIT chunk embedded after the cookie could have its header length inflated beyond the remaining COOKIE_ECHO data. This allowed the parameter walk performed by sct...

CVE-2026-53224

The CVE-2026-53224 entry pertains to the Linux kernel SCTP cookie parsing. The vulnerability arises because sctp_unpack_cookie() only validated that an embedded INIT chunk’s length did not exceed the remaining cookie payload, but did not ensure the INIT header fit, allowing a malformed COOKIE_ECH...

VulnCheck KEV: CVE-2010-1173

The sctpprocessunkparam function in net/sctp/smmakechunk.c in the Linux kernel 2.6.33.3 and earlier, when SCTP is enabled, allows remote attackers to cause a denial of service system crash via an SCTPChunkInit packet containing multiple invalid parameters that require a large amount of error data...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000803)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000803 advisory. The sctpprocessparam function in net/sctp/smmakechunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001916)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001916 advisory. The sctpprocessparam function in net/sctp/smmakechunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to...

K16016: Linux kernel SCTP vulnerability CVE-2014-7841

Security Advisory Description The sctpprocessparam function in net/sctp/smmakechunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service NULL pointer dereference and system crash via a malformed INIT chunk...

SUSE CVE-2010-1173

The sctpprocessunkparam function in net/sctp/smmakechunk.c in the Linux kernel 2.6.33.3 and earlier, when SCTP is enabled, allows remote attackers to cause a denial of service system crash via an SCTPChunkInit packet containing multiple invalid parameters that require a large amount of error data...

SUSE CVE-2011-1573

net/sctp/smmakechunk.c in the Linux kernel before 2.6.34, when addipenable and authenable are used, does not consider the amount of zero padding during calculation of chunk lengths for 1 INIT and 2 INIT ACK chunks, which allows remote attackers to cause a denial of service OOPS via crafted packet...

SUSE CVE-2014-7841

The sctpprocessparam function in net/sctp/smmakechunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service NULL pointer dereference and system crash via a malformed INIT chunk...

Ubuntu 14.04 LTS : Linux kernel (Utopic HWE) vulnerabilities (USN-2467-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2467-1 advisory. A null pointer dereference flaw was discovered in the the Linux kernel's SCTP implementation when ASCONF is used. A remote attacker could exploit this fl...

DEBIAN-CVE-2014-7841

The sctpprocessparam function in net/sctp/smmakechunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service NULL pointer dereference and system crash via a malformed INIT chunk...

CVE-2014-7841

The sctpprocessparam function in net/sctp/smmakechunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service NULL pointer dereference and system crash via a malformed INIT chunk...

Null pointer dereference

The sctpprocessparam function in net/sctp/smmakechunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service NULL pointer dereference and system crash via a malformed INIT chunk...

CVE-2014-7841

The sctpprocessparam function in net/sctp/smmakechunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service NULL pointer dereference and system crash via a malformed INIT chunk...

CVE-2014-7841

The sctpprocessparam function in net/sctp/smmakechunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service NULL pointer dereference and system crash via a malformed INIT chunk...

CVE-2014-7841

The sctpprocessparam function in net/sctp/smmakechunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service NULL pointer dereference and system crash via a malformed INIT chunk...

PT-2014-1822 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.17.4 kernel-debuginfo-2.6.32 versions 2.6.32 kernel-debug-devel-2.6.32 versions 2.6.32 kernel-doc-2.6.32 versions 2.6.32 kernel-debuginfo-common-i686 versions 2.6.32 kernel-headers-2.6.32 versions 2.6.32...

Null pointer dereference

The sctpsfdo51Dce function in net/sctp/smstatefuns.c in the Linux kernel through 3.13.6 does not validate certain authenable and authcapable fields before making an sctpsfauthenticate call, which allows remote attackers to cause a denial of service NULL pointer dereference and system crash via an...