[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2014-3688Date: (C)2014-12-09   (M)2024-04-17


The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
DSA-3060
HPSBGN03282
HPSBGN03285
RHSA-2015:0062
RHSA-2015:0115
SUSE-SU-2015:0481
SUSE-SU-2015:0652
SUSE-SU-2015:0736
USN-2417-1
USN-2418-1
http://www.openwall.com/lists/oss-security/2014/11/13/8
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=26b87c7881006311828bb0ab271a551a62dcceb4
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4
https://bugzilla.redhat.com/show_bug.cgi?id=1155745
https://github.com/torvalds/linux/commit/26b87c7881006311828bb0ab271a551a62dcceb4
openSUSE-SU-2015:0566

CWE    1
CWE-399
OVAL    37
oval:org.secpod.oval:def:702328
oval:org.secpod.oval:def:702336
oval:org.secpod.oval:def:108666
oval:org.secpod.oval:def:108483
...

© SecPod Technologies