Back to search
CVE-2008-3526
Published: Aug 27, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
Integer overflow in the sctp_setsockopt_auth_key function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel 2.6.24-rc1 through 2.6.26.3 allows remote attackers to cause a denial of service (panic) or possibly have unspecified other impact via a crafted sca_keylength field associated with the SCTP_AUTH_KEY option.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
32190
third-party-advisory
x_refsource_SECUNIA
32393
third-party-advisory
x_refsource_SECUNIA
DSA-1636
vendor-advisory
x_refsource_DEBIAN
31881
third-party-advisory
x_refsource_SECUNIA
MDVSA-2008:223
vendor-advisory
x_refsource_MANDRIVA
USN-659-1
vendor-advisory
x_refsource_UBUNTU
SUSE-SA:2008:053
vendor-advisory
x_refsource_SUSE
RHSA-2008:0857
vendor-advisory
x_refsource_REDHAT
[oss-security] 20080826 CVE-2008-3526 Linux kernel sctp_setsockopt_auth_key() integer overflow
mailing-list
x_refsource_MLIST
linux-kernel-sctpsetsockoptauthkey-dos(44723)
vdb-entry
x_refsource_XF
30847
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now