5.5

CVE-2018-5803

In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 3.2.102
LinuxLinux Kernel Version >= 3.3 < 4.1.51
LinuxLinux Kernel Version >= 4.3 < 4.9.87
LinuxLinux Kernel Version >= 4.10 < 4.14.25
LinuxLinux Kernel Version >= 4.15 < 4.15.8
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
RedhatVirtualization Host Version4.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.06% 0.186
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4.9 3.9 6.9
AV:L/AC:L/Au:N/C:N/I:N/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://usn.ubuntu.com/3698-1/
Third Party Advisory
https://usn.ubuntu.com/3698-2/
Third Party Advisory
https://usn.ubuntu.com/3654-1/
Third Party Advisory
https://usn.ubuntu.com/3654-2/
Third Party Advisory
https://usn.ubuntu.com/3656-1/
Third Party Advisory
https://usn.ubuntu.com/3697-1/
Third Party Advisory
https://usn.ubuntu.com/3697-2/
Third Party Advisory
https://www.spinics.net/lists/netdev/msg482523.html
Third Party Advisory
Mailing List