Veracode Vulnerability DatabaseVERACODE:26099Denial Of Service (DoS)
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
usrsctp is vulnerable to denial of service. An out-of-bounds read in sctp_load_addresses_from_init allows an attacker to crash the application.
References
lists.opensuse.org/opensuse-security-announce/2020-03/msg00022.html
lists.opensuse.org/opensuse-security-announce/2020-03/msg00028.html
lists.opensuse.org/opensuse-security-announce/2020-03/msg00030.html
lists.opensuse.org/opensuse-security-announce/2020-03/msg00037.html
seclists.org/fulldisclosure/2020/May/49
seclists.org/fulldisclosure/2020/May/52
seclists.org/fulldisclosure/2020/May/55
seclists.org/fulldisclosure/2020/May/59
access.redhat.com/errata/RHSA-2020:0815
access.redhat.com/errata/RHSA-2020:0816
access.redhat.com/errata/RHSA-2020:0819
access.redhat.com/errata/RHSA-2020:0820
bugs.chromium.org/p/project-zero/issues/detail?id=1992
chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_18.html
crbug.com/1059349
github.com/sctplab/usrsctp/commit/790a7a2555aefb392a5a69923f1e9d17b4968467
lists.debian.org/debian-lts-announce/2020/03/msg00013.html
lists.debian.org/debian-lts-announce/2020/03/msg00023.html
lists.fedoraproject.org/archives/list/[email protected]/message/2DDNOAGIX5D77TTHT6YPMVJ5WTXTCQEI/
lists.fedoraproject.org/archives/list/[email protected]/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/
lists.fedoraproject.org/archives/list/[email protected]/message/JWANFIR3PYAL5RJQ4AO3ZS2DYMSF2ZGZ/
security.gentoo.org/glsa/202003-02
security.gentoo.org/glsa/202003-10
support.apple.com/HT211168
support.apple.com/HT211171
support.apple.com/HT211175
support.apple.com/HT211177
support.apple.com/kb/HT211168
support.apple.com/kb/HT211171
support.apple.com/kb/HT211175
support.apple.com/kb/HT211177
usn.ubuntu.com/4299-1/
usn.ubuntu.com/4328-1/
usn.ubuntu.com/4335-1/
www.debian.org/security/2020/dsa-4639
www.debian.org/security/2020/dsa-4642
www.debian.org/security/2020/dsa-4645
Related
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P