Lucene search

K
cve[email protected]CVE-2014-0101
HistoryMar 11, 2014 - 1:01 p.m.

CVE-2014-0101

2014-03-1113:01:00
CWE-476
web.nvd.nist.gov
133
cve-2014-0101
sctp
linux kernel
denial of service
remote attackers
security vulnerability

6.5 Medium

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.918 High

EPSS

Percentile

98.9%

The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk.

6.5 Medium

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.918 High

EPSS

Percentile

98.9%