14 matches found
EUVD-2019-6789
Malware in sbrugna...
EUVD-2008-4426
Malware in sbrugna...
DEBIAN-CVE-2022-50243
In the Linux kernel, the following vulnerability has been resolved: sctp: handle the error returned from sctpauthasocinitactivekey When it returns an error from sctpauthasocinitactivekey, the activekey is actually not updated. The old shkey will be freeed while it's still used as active key in...
Important: kernel
Issue Overview: Integer Overflow or Wraparound vulnerability in Linux kernel on x86 and ARM md, raid, raid5 modules allows Forced Integer Overflow. CVE-2024-23307 In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: Fix use after free in lineinfochangednotify...
Design/Logic Flaw
In FreeBSD 12.1-STABLE before r352509, 11.3-STABLE before r352509, and 11.3-RELEASE before p9, an unprivileged local user can trigger a use-after-free situation due to improper checking in SCTP when an application tries to update an SCTP-AUTH shared key...
FreeBSD -- Improper checking in SCTP-AUTH shared key update
Problem Description: The SCTP layer does improper checking when an application tries to update a shared key. Therefore an unprivileged local user can trigger a use-after- free situation, for example by specific sequences of updating shared keys and closing the SCTP association. Impact: Triggering...
Linux Kernel < 2.6.26.4 - SCTP Kernel Memory Disclosure Exploit
No description provided by source. / cve-2008-4113.c Linux Kernel 2.6.26.4 SCTP kernel memory disclosure Jon Oberheide [email protected] http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4113 The sctpgetsockopthmacident function in net/sctp/socket.c in t...
CVE-2010-3705
The sctpauthasocgethmac function in net/sctp/auth.c in the Linux kernel before 2.6.36 does not properly validate the hmacids array of an SCTP peer, which allows remote attackers to cause a denial of service memory corruption and panic via a crafted value in the last element of this array...
CVE-2008-4445
The sctpauthepsethmacs function in net/sctp/auth.c in the Stream Control Transmission Protocol sctp implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, does not verify that the identifier index is within the bounds established by SCTPAUTHHMACIDMAX, which...
CVE-2008-4445
The sctpauthepsethmacs function in net/sctp/auth.c in the Stream Control Transmission Protocol sctp implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, does not verify that the identifier index is within the bounds established by SCTPAUTHHMACIDMAX, which...
CVE-2008-4445
The sctpauthepsethmacs function in net/sctp/auth.c in the Stream Control Transmission Protocol sctp implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, does not verify that the identifier index is within the bounds established by SCTPAUTHHMACIDMAX, which...
CVE-2008-4445
CVE-2008-4445 affects the Linux kernel SCTP implementation prior to 2.6.26.4. The vulnerability resides in sctp_auth_ep_set_hmacs (net/sctp/auth.c) where the identifier index is not validated against SCTP_AUTH_HMAC_ID_MAX when SCTP-AUTH is enabled. This can allow local users to obtain sensitive i...
[TKADV2008-007] Linux Kernel SCTP-AUTH API Information Disclosure Vulnerability and NULL Pointer Dereferences
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Advisory: Linux Kernel SCTP-AUTH API Information Disclosure Vulnerability and NULL Pointer Dereferences Advisory ID: TKADV2008-007 Revision: 1.1 Release Date: 2008/09/09 Last Modified: 2008/09/10 Date Reported: 2008/08/20 Author: Tobias Klein tk at...
Null pointer dereference
net/sctp/socket.c in the Stream Control Transmission Protocol sctp implementation in the Linux kernel before 2.6.26.4 does not verify that the SCTP-AUTH extension is enabled before proceeding with SCTP-AUTH API functions, which allows attackers to cause a denial of service NULL pointer dereferenc...