5

CVE-2006-2274

Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (infinite recursion and crash) via a packet that contains two or more DATA fragments, which causes an skb pointer to refer back to itself when the full message is reassembled, leading to infinite recursion in the sctp_skb_pull function.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.82% 0.887
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/21476
http://secunia.com/advisories/20237
http://secunia.com/advisories/21745
http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm
http://www.redhat.com/support/errata/RHSA-2006-0493.html
http://secunia.com/advisories/20914
http://www.debian.org/security/2006/dsa-1103
http://www.vupen.com/english/advisories/2006/2554
http://secunia.com/advisories/20398
http://www.novell.com/linux/security/advisories/2006-05-31.html
http://www.mandriva.com/security/advisories?name=MDKSA-2006:150
http://secunia.com/advisories/20671
http://www.debian.org/security/2006/dsa-1097
http://secunia.com/advisories/21045
http://www.mandriva.com/security/advisories?name=MDKSA-2006:123
http://secunia.com/advisories/20716
http://www.ubuntu.com/usn/usn-302-1
http://www.trustix.org/errata/2006/0026
http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=672e7cca17ed6036a1756ed34cf20dbd72d5e5f6
http://www.osvdb.org/25746
http://www.securityfocus.com/bid/17955
https://exchange.xforce.ibmcloud.com/vulnerabilities/26432
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9531