7.8
CVE-2014-3673
- EPSS 9.8%
- Veröffentlicht 10.11.2014 11:55:06
- Zuletzt bearbeitet 12.04.2025 10:46:40
- Quelle secalert@redhat.com
- Teams Watchlist Login
- Unerledigt Login
The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 2.6.12 < 3.2.64
Linux ≫ Linux Kernel Version >= 3.3 < 3.4.107
Linux ≫ Linux Kernel Version >= 3.5 < 3.10.61
Linux ≫ Linux Kernel Version >= 3.11 < 3.12.34
Linux ≫ Linux Kernel Version >= 3.13 < 3.14.25
Linux ≫ Linux Kernel Version >= 3.15 < 3.16.35
Linux ≫ Linux Kernel Version >= 3.17 < 3.17.4
Redhat ≫ Enterprise Linux Version5.0
Redhat ≫ Enterprise Mrg Version2.0
Canonical ≫ Ubuntu Linux Version12.04 SwEditionesm
Debian ≫ Debian Linux Version7.0
Suse ≫ Linux Enterprise Software Development Kit Version12 Update-
Suse ≫ Linux Enterprise Workstation Extension Version12
Suse ≫ Suse Linux Enterprise Server Version10 Updatesp4 SwEditionltss
Suse ≫ Suse Linux Enterprise Server Version11 Updatesp1 SwEditionltss
Suse ≫ Suse Linux Enterprise Server Version11 Updatesp2 SwEditionltss
Suse ≫ Suse Linux Enterprise Server Version12
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 9.8% | 0.922 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 7.8 | 10 | 6.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.