7.8
CVE-2014-0101
- EPSS 3.09%
- Published 11.03.2014 13:01:06
- Last modified 12.04.2025 10:46:40
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk.
Data is provided by the National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 2.6.24 < 3.2.56
Linux ≫ Linux Kernel Version >= 3.3 < 3.4.84
Linux ≫ Linux Kernel Version >= 3.5 < 3.10.34
Linux ≫ Linux Kernel Version >= 3.11 < 3.12.15
Linux ≫ Linux Kernel Version >= 3.13 < 3.13.7
Redhat ≫ Enterprise Linux Desktop Version6.0
Redhat ≫ Enterprise Linux Eus Version6.3
Redhat ≫ Enterprise Linux Eus Version6.4
Redhat ≫ Enterprise Linux Eus Version6.5
Redhat ≫ Enterprise Linux Server Version6.0
Redhat ≫ Enterprise Linux Server Aus Version6.4
Redhat ≫ Enterprise Linux Server Aus Version6.5
Redhat ≫ Enterprise Linux Server Tus Version6.5
Redhat ≫ Enterprise Linux Workstation Version6.0
Canonical ≫ Ubuntu Linux Version10.04 SwEdition-
F5 ≫ Big-ip Access Policy Manager Version >= 11.1.0 <= 11.5.3
F5 ≫ Big-ip Advanced Firewall Manager Version >= 11.3.0 <= 11.5.3
F5 ≫ Big-ip Analytics Version >= 11.1.0 <= 11.5.3
F5 ≫ Big-ip Application Acceleration Manager Version >= 11.4.0 <= 11.5.3
F5 ≫ Big-ip Application Security Manager Version >= 11.1.0 <= 11.5.3
F5 ≫ Big-ip Edge Gateway Version >= 11.1.0 <= 11.3.0
F5 ≫ Big-ip Enterprise Manager Version >= 2.1.0 <= 2.3.0
F5 ≫ Big-ip Enterprise Manager Version >= 3.0.0 <= 3.1.1
F5 ≫ Big-ip Global Traffic Manager Version >= 11.1.0 <= 11.5.3
F5 ≫ Big-ip Link Controller Version >= 11.1.0 <= 11.5.3
F5 ≫ Big-ip Local Traffic Manager Version >= 11.1.0 <= 11.5.3
F5 ≫ Big-ip Policy Enforcement Manager Version >= 11.3.0 <= 11.5.3
F5 ≫ Big-ip Protocol Security Module Version >= 11.1.0 <= 11.4.1
F5 ≫ Big-ip Wan Optimization Manager Version >= 11.1.0 <= 11.3.0
F5 ≫ Big-ip Webaccelerator Version >= 11.1.0 <= 11.3.0
F5 ≫ Big-iq Adc Version4.5.0
F5 ≫ Big-iq Centralized Management Version4.6.0
F5 ≫ Big-iq Cloud Version >= 4.0.0 <= 4.5.0
F5 ≫ Big-iq Device Version >= 4.2.0 <= 4.5.0
F5 ≫ Big-iq Security Version >= 4.0.0 <= 4.5.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.09% | 0.862 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 10 | 6.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:C
|
CWE-476 NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.