[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250038

 
 

909

 
 

195843

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2021-3772Date: (C)2021-12-09   (M)2024-05-10


A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 6.5CVSS Score : 5.8
Exploit Score: 2.2Exploit Score: 8.6
Impact Score: 4.2Impact Score: 4.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: HIGHAccess Complexity: MEDIUM
Privileges Required: NONEAuthentication: NONE
User Interaction: NONEConfidentiality: NONE
Scope: UNCHANGEDIntegrity: PARTIAL
Confidentiality: NONEAvailability: PARTIAL
Integrity: LOW 
Availability: HIGH 
  
Reference:
DSA-5096
N/A
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
https://bugzilla.redhat.com/show_bug.cgi?id=2000694
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=32f8807a48ae55be0e76880cfe8607a18b5bb0df
https://github.com/torvalds/linux/commit/32f8807a48ae55be0e76880cfe8607a18b5bb0df
https://security.netapp.com/advisory/ntap-20221007-0001/
https://ubuntu.com/security/CVE-2021-3772

CWE    1
CWE-354
OVAL    34
oval:org.secpod.oval:def:2500747
oval:org.secpod.oval:def:506895
oval:org.secpod.oval:def:1505650
oval:org.secpod.oval:def:1505555
...

© SecPod Technologies