The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data.
References
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 02:37
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
19 Jan 2023, 16:13
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.8 - Release Notes, Vendor Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00044.html - Mailing List, Third Party Advisory | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2017-0091.html - Third Party Advisory | |
References | (CONFIRM) https://bto.bluecoat.com/security-advisory/sa134 - Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00067.html - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://groups.google.com/forum/#!topic/syzkaller/pAUcHsUJbjk - Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00087.html - Mailing List, Third Party Advisory | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2017-0086.html - Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00055.html - Mailing List, Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00076.html - Mailing List, Third Party Advisory | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2017-0307.html - Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00070.html - Mailing List, Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00073.html - Mailing List, Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00056.html - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=1397930 - Issue Tracking, Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00054.html - Mailing List, Third Party Advisory | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2017-0113.html - Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00077.html - Mailing List, Third Party Advisory |
Information
Published : 2016-11-28 03:59
Updated : 2023-12-10 12:01
NVD link : CVE-2016-9555
Mitre link : CVE-2016-9555
CVE.ORG link : CVE-2016-9555
JSON object : View
Products Affected
linux
- linux_kernel
CWE
CWE-125
Out-of-bounds Read