The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
19 May 2023, 16:50
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1be9a950c646c9092fb3618197f7b6bfb50e82aa - Vendor Advisory |
13 Feb 2023, 00:42
Type | Values Removed | Values Added |
---|---|---|
Summary | The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction. | |
References |
|
02 Feb 2023, 20:18
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system. |
Information
Published : 2014-08-01 11:13
Updated : 2023-12-10 11:31
NVD link : CVE-2014-5077
Mitre link : CVE-2014-5077
CVE.ORG link : CVE-2014-5077
JSON object : View
Products Affected
suse
- linux_enterprise_server
- linux_enterprise_desktop
- linux_enterprise_real_time_extension
redhat
- enterprise_linux_server_aus
- enterprise_linux_server_tus
- enterprise_linux_eus
linux
- linux_kernel
canonical
- ubuntu_linux
CWE
CWE-476
NULL Pointer Dereference