The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows…
redhat·CWE-476·Published 2014-08-01
The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction.
The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction.
La función sctp_assoc_update en net/sctp/associola.c en el kernel de Linux hasta 3.15.8, cuando la autenticación SCTP está habilitada, permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo y OOPS) mediante el inicio del establecimiento de una asociación entre dos endpoints inmediatamente después de un intercambio de fragmentos INIT y INIT ACK para establecer una asociación anterior entre estos endpoints en la dirección opuesta.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 7.1 | 8.6 | 6.9 | AV:N/AC:M/Au:N/C:N/I:N/A:C |