Lucene search
+L

258 matches found

OSV
OSV
added 2024/11/19 2:16 a.m.11 views

UBUNTU-CVE-2024-50299

In the Linux kernel, the following vulnerability has been resolved: sctp: properly validate chunk size in sctpsfootb A size validation fix similar to that in Commit 50619dbf8db7 "sctp: add size validation when walking chunks" is also required in sctpsfootb to address a crash reported by syzbot:...

5.5CVSS6.2AI score0.00266EPSS
Exploits0References56
RedHat Linux
RedHat Linux
added 2024/11/05 12:54 a.m.5 views

kernel: sctp: Fix null-ptr-deref in reuseport_add_sock().

In the Linux kernel, the following vulnerability has been resolved: sctp: Fix null-ptr-deref in reuseportaddsock. syzbot reported a null-ptr-deref while accessing sk2-skreuseportcb in reuseportaddsock. 0 The repro first creates a listener with SOREUSEPORT. Then, it creates another listener on the...

5.5CVSS6.3AI score0.00226EPSS
Exploits0References5
OSV
OSV
added 2024/10/21 6:15 p.m.5 views

AZL-52914 CVE-2024-49944 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: sctp: set skstate back to CLOSED if autobind fails in sctplistenstart In sctplistenstart invoked by sctpinetlisten, it should set the skstate back to CLOSED if sctpautobind fails due to whatever reason. Otherwise, next time when...

5.5CVSS6.4AI score0.00277EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/10/21 12:0 a.m.3 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the failure to reset skstate to CLOSED in the sctp subsystem upon an auto-bind failure, which could result i...

5.5CVSS6.6AI score0.00277EPSS
Exploits0References9
BDU FSTEC
BDU FSTEC
added 2024/09/30 12:0 a.m.22 views

The vulnerability of the sctp_sf_do_unexpected_init() function in the Linux kernel of the SCTP protocol allows a attacker to cause a service failure.

The vulnerability of the sctpsfdounexpectedinit function in the SCTP protocol’s kernel implementation in Linux is related to a memory leak that occurs when processing invalid INIT packets. Exploiting this vulnerability can allow an attacker to cause a service failure remotely...

8.6CVSS5.5AI score
Exploits0References1Affected Software2
OSV
OSV
added 2024/08/26 11:15 a.m.1 views

DEBIAN-CVE-2024-44935

In the Linux kernel, the following vulnerability has been resolved: sctp: Fix null-ptr-deref in reuseportaddsock. syzbot reported a null-ptr-deref while accessing sk2-skreuseportcb in reuseportaddsock. 0 The repro first creates a listener with SOREUSEPORT. Then, it creates another listener on the...

5.5CVSS5.6AI score0.00226EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/08/19 12:0 a.m.6 views

The vulnerability of the sctp_sock_dump() function in the Linux operating system’s SCTP kernel component, which allows a hacker to cause a service failure

The vulnerability of the sctpsockdump function in the Linux operating system’s SCTP kernel component is related to the use of callrcu for memory release. Exploiting this vulnerability could allow an attacker to trigger a service failure...

5.5CVSS6.4AI score0.00248EPSS
Exploits0References23Affected Software2
BDU FSTEC
BDU FSTEC
added 2024/06/28 12:0 a.m.8 views

The vulnerability of the update_sctp_checksum() function in the QEMU hardware emulation software allows a hacker to trigger a service failure.

The vulnerability of the updatesctpchecksum function in the QEMU hardware emulation software is related to a flaw that allows an attacker to cause a service failure when attempting to calculate the checksum of a small-sized fragmented packet. Exploiting this vulnerability could enable a remote...

5.5CVSS6.7AI score0.00445EPSS
Exploits1References6Affected Software3
RedHat Linux
RedHat Linux
added 2024/05/22 10:16 a.m.8 views

kernel: netfilter: xtables sctp out-of-bounds read in match_flags()

A flaw was found in the Netfilter subsystem in the Linux kernel. The sctpmtcheck did not validate the flagcount field. This flaw allows a local privileged CAPNETADMIN attacker to trigger an out-of-bounds read, leading to a crash or information disclosure...

6.1CVSS6.8AI score0.00415EPSS
Exploits0References5
OSV
OSV
added 2024/05/21 3:15 p.m.2 views

DEBIAN-CVE-2021-47397

In the Linux kernel, the following vulnerability has been resolved: sctp: break out if skbheaderpointer returns NULL in sctprcvootb We should always check if skbheaderpointer's return is NULL before using it, otherwise it may cause null-ptr-deref, as syzbot reported: KASAN: null-ptr-deref in rang...

5.5CVSS5.3AI score0.00251EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/02/21 12:33 a.m.5 views

kernel: sctp: fail if no bound addresses can be used for a given scope

A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service...

5.5CVSS6.6AI score0.00238EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/02/07 4:32 p.m.4 views

kernel: sctp: fail if no bound addresses can be used for a given scope

A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service...

5.5CVSS6.6AI score0.00238EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/02/07 4:21 p.m.7 views

kernel: sctp: fail if no bound addresses can be used for a given scope

A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service...

5.5CVSS6.6AI score0.00238EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/11/14 3:46 p.m.3 views

kernel: sctp: fix a potential overflow in sctp_ifwdtsn_skip

In the Linux kernel, the following vulnerability has been resolved: sctp: fix a potential overflow in sctpifwdtsnskip Currently, when traversing ifwdtsn skips with sctpwalkifwdtsn, it only checks the pos against the end of the chunk. However, the data left for the last pos may be sizeofstruct...

7.8CVSS6.2AI score0.00155EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/11/14 3:46 p.m.4 views

kernel: sctp: fail if no bound addresses can be used for a given scope

A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service...

5.5CVSS6.6AI score0.00238EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/11/14 3:24 p.m.5 views

kernel: sctp: fail if no bound addresses can be used for a given scope

A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service...

5.5CVSS6.6AI score0.00238EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/11/07 9:3 a.m.3 views

kernel: sctp: fail if no bound addresses can be used for a given scope

A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service...

5.5CVSS6.6AI score0.00238EPSS
Exploits0References6
Microsoft CVE
Microsoft CVE
added 2023/10/12 7:0 a.m.8 views

Kernel: netfilter: xtables sctp out-of-bounds read in match_flags()

...

6.1CVSS7AI score0.00415EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2023/04/28 7:0 a.m.4 views

A null pointer dereference issue was found in the sctp network protocol in net/sctp/stream_sched.c in Linux Kernel. If stream_in allocation is failed stream_out is freed which would further be accessed. A local user could use this flaw to crash the system or potentially cause a denial of service.

...

5.5CVSS7.1AI score0.00209EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/04/20 2:6 a.m.3 views

SUSE CVE-2023-2177

A null pointer dereference issue was found in the sctp network protocol in net/sctp/streamsched.c in Linux Kernel. If streamin allocation is failed, streamout is freed which would further be accessed. A local user could use this flaw to crash the system or potentially cause a denial of service...

5.5CVSS6.8AI score0.00209EPSS
Exploits0References19
Rows per page
Query Builder