7.8

CVE-2014-3687

Exploit
The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.27 < 3.2.64
LinuxLinux Kernel Version >= 3.3 < 3.4.107
LinuxLinux Kernel Version >= 3.5 < 3.10.61
LinuxLinux Kernel Version >= 3.11 < 3.12.34
LinuxLinux Kernel Version >= 3.13 < 3.14.25
LinuxLinux Kernel Version >= 3.15 < 3.16.35
LinuxLinux Kernel Version >= 3.17 < 3.17.4
RedhatEnterprise Mrg Version2.0
CanonicalUbuntu Linux Version12.04 SwEditionesm
DebianDebian Linux Version7.0
OpensuseEvergreen Version11.4
SuseLinux Enterprise Real Time Extension Version11 Updatesp3
SuseSuse Linux Enterprise Server Version11 Updatesp2 SwEditionltss
OracleLinux Version5 Update-
OracleLinux Version6 Update-
OracleLinux Version7 Update-
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 8.58% 0.944
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html
Third Party Advisory
Mailing List
http://rhn.redhat.com/errata/RHSA-2015-0062.html
Third Party Advisory
http://www.ubuntu.com/usn/USN-2417-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-2418-1
Third Party Advisory
http://marc.info/?l=bugtraq&m=142722450701342&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=142722544401658&w=2
Third Party Advisory
Mailing List
http://www.debian.org/security/2014/dsa-3060
Third Party Advisory
http://linux.oracle.com/errata/ELSA-2014-3087.html
Third Party Advisory
http://linux.oracle.com/errata/ELSA-2014-3088.html
Third Party Advisory
http://linux.oracle.com/errata/ELSA-2014-3089.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html
Third Party Advisory
Mailing List
http://rhn.redhat.com/errata/RHSA-2015-0115.html
Third Party Advisory
http://secunia.com/advisories/62428
Broken Link
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b69040d8e39f20d5215a03502a8e8b4c6ab78395
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00035.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/70766
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1155731
Patch
Third Party Advisory
Issue Tracking
https://github.com/torvalds/linux/commit/b69040d8e39f20d5215a03502a8e8b4c6ab78395
Patch
Third Party Advisory
Exploit