CVE

CVE-2015-1421
Date: (C)2015-04-06   (M)2024-04-17


Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 10.0
Exploit Score: 10.0
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1032172
BID-72356
DSA-3170
RHSA-2015:0726
RHSA-2015:0751
RHSA-2015:0782
RHSA-2015:0864
RHSA-2015:1082
SUSE-SU-2015:0832
SUSE-SU-2015:1478
USN-2541-1
USN-2542-1
USN-2545-1
USN-2546-1
USN-2562-1
USN-2563-1
http://www.openwall.com/lists/oss-security/2015/01/29/15
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=600ddd6825543962fb807884169e57b580dba208
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.8
https://bugzilla.redhat.com/show_bug.cgi?id=1196581
https://github.com/torvalds/linux/commit/600ddd6825543962fb807884169e57b580dba208

CPE    4
cpe:/o:debian:debian_linux:7.0
cpe:/o:debian:debian_linux:8.0
cpe:/o:canonical:ubuntu_linux:14.10
cpe:/o:linux:linux_kernel
...
OVAL    34
oval:org.secpod.oval:def:52449
oval:org.secpod.oval:def:702502
oval:org.secpod.oval:def:702501
oval:org.secpod.oval:def:702482
...

© SecPod Technologies