EUVD-2026-39315

In the Linux kernel, the following vulnerability has been resolved: sctp: validate embedded INIT chunk and address list lengths in cookie sctpunpackcookie only checked that the embedded INIT chunk length did not exceed the remaining cookie payload, but did not ensure that the INIT chunk is large...

kernel: net: sctp: NULL pointer dereference in af->from_addr_param on malformed packet

A flaw was found in the way the Linux kernel's SCTP implementation validated INIT chunks when performing Address Configuration Change ASCONF. A remote attacker could use this flaw to crash the system by sending a specially crafted SCTP packet to trigger a NULL pointer dereference on the system...

UBUNTU-CVE-2014-0101

The sctpsfdo51Dce function in net/sctp/smstatefuns.c in the Linux kernel through 3.13.6 does not validate certain authenable and authcapable fields before making an sctpsfauthenticate call, which allows remote attackers to cause a denial of service NULL pointer dereference and system crash via an...

kernel: sctp: crash due to malformed SCTPChunkInit packet

The sctpprocessunkparam function in net/sctp/smmakechunk.c in the Linux kernel 2.6.33.3 and earlier, when SCTP is enabled, allows remote attackers to cause a denial of service system crash via an SCTPChunkInit packet containing multiple invalid parameters that require a large amount of error data...