Back to search
CVE-2008-4618
Published: Oct 20, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
The Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.27 does not properly handle a protocol violation in which a parameter has an invalid length, which allows attackers to cause a denial of service (panic) via unspecified vectors, related to sctp_sf_violation_paramlen, sctp_sf_abort_violation, sctp_make_abort_violation, and incorrect data types in function calls.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
32998
third-party-advisory
x_refsource_SECUNIA
RHSA-2009:0009
vendor-advisory
x_refsource_REDHAT
SUSE-SA:2008:053
vendor-advisory
x_refsource_SUSE
33586
third-party-advisory
x_refsource_SECUNIA
[oss-security] 20081006 CVE request: kernel: sctp: Fix kernel panic while process protocol violation parameter
mailing-list
x_refsource_MLIST
32918
third-party-advisory
x_refsource_SECUNIA
USN-679-1
vendor-advisory
x_refsource_UBUNTU
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27
x_refsource_CONFIRM
31848
vdb-entry
x_refsource_BID
DSA-1681
vendor-advisory
x_refsource_DEBIAN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now