3 matches found
CVE-2008-4445
The sctpauthepsethmacs function in net/sctp/auth.c in the Stream Control Transmission Protocol sctp implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, does not verify that the identifier index is within the bounds established by SCTPAUTHHMACIDMAX, which...
CVE-2008-4445
The sctpauthepsethmacs function in net/sctp/auth.c in the Stream Control Transmission Protocol sctp implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, does not verify that the identifier index is within the bounds established by SCTPAUTHHMACIDMAX, which...
Null pointer dereference
net/sctp/socket.c in the Stream Control Transmission Protocol sctp implementation in the Linux kernel before 2.6.26.4 does not verify that the SCTP-AUTH extension is enabled before proceeding with SCTP-AUTH API functions, which allows attackers to cause a denial of service NULL pointer dereferenc...