4.9
CVE-2008-2826
- EPSS 0.43%
- Veröffentlicht 02.07.2008 16:41:00
- Zuletzt bearbeitet 16.06.2026 22:54:33
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Integer overflow in the sctp_getsockopt_local_addrs_old function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) functionality in the Linux kernel before 2.6.25.9 allows local users to cause a denial of service (resource consumption and system outage) via vectors involving a large addr_num field in an sctp_getaddrs_old data structure.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version < 2.6.25.9
Debian ≫ Debian Linux Version4.0
Canonical ≫ Ubuntu Linux Version6.06
Canonical ≫ Ubuntu Linux Version7.04
Canonical ≫ Ubuntu Linux Version7.10
Canonical ≫ Ubuntu Linux Version8.04 SwEdition-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.43% | 0.341 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.9 | 3.9 | 6.9 |
AV:L/AC:L/Au:N/C:N/I:N/A:C
|
CWE-190 Integer Overflow or Wraparound
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
http://secunia.com/advisories/31628
http://www.redhat.com/support/errata/RHSA-2008-0585.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:174
http://secunia.com/advisories/31107
http://www.ubuntu.com/usn/usn-625-1
http://www.mandriva.com/security/advisories?name=MDVSA-2008:167
http://secunia.com/advisories/31551
http://www.debian.org/security/2008/dsa-1630
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html
http://secunia.com/advisories/32370
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00009.html
http://secunia.com/advisories/30901
http://secunia.com/advisories/31202
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0207
https://issues.rpath.com/browse/RPL-2629
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.9
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=735ce972fbc8a65fb17788debd7bbe7b4383cc62
http://lwn.net/Articles/287350/
http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.7
http://www.securityfocus.com/bid/29990
http://www.securitytracker.com/id?1020514
http://www.vupen.com/english/advisories/2008/2511
https://exchange.xforce.ibmcloud.com/vulnerabilities/43559