Information Disclosure

2022-06-1500:45:01

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

0.001 Low

EPSS

Percentile

48.1%

JSON

kernel is vulnerable to information disclosure. The vulnerability exists due to a flaw was found in the Linux SCTP stack allowing an attacker to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses.

CPENameOperatorVersion
kerneleq4.18.0__294.el8
kerneleq3.10.0__1160.15.2.el7
kerneleq2.6.18__371.8.1.el5
kerneleq2.6.32__431.20.5.el6
kerneleq2.6.32__220.4.7.bgq.el6
kerneleq2.6.18__238.12.1.el5
kerneleq2.6.32__71.7.1.el6
kerneleq3.10.0__693.11.6.el7
kerneleq2.6.32__358.59.1.el6
kerneleq2.6.32__754.27.1.el6

Name	Operator	Version
kernel	eq	4.18.0__294.el8
kernel	eq	3.10.0__1160.15.2.el7
kernel	eq	2.6.18__371.8.1.el5
kernel	eq	2.6.32__431.20.5.el6
kernel	eq	2.6.32__220.4.7.bgq.el6
kernel	eq	2.6.18__238.12.1.el5
kernel	eq	2.6.32__71.7.1.el6
kernel	eq	3.10.0__693.11.6.el7
kernel	eq	2.6.32__358.59.1.el6
kernel	eq	2.6.32__754.27.1.el6