CVE-2016-9555
Published: Nov 28, 2016
Modified: Aug 6, 2024
PUBLISHED
Description
The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
SUSE-SU-2016:3096
vendor-advisory
x_refsource_SUSE
https://bto.bluecoat.com/security-advisory/sa134
x_refsource_CONFIRM
SUSE-SU-2016:3206
vendor-advisory
x_refsource_SUSE
SUSE-SU-2016:3169
vendor-advisory
x_refsource_SUSE
1037339
vdb-entry
x_refsource_SECTRACK
SUSE-SU-2016:3117
vendor-advisory
x_refsource_SUSE
SUSE-SU-2016:3197
vendor-advisory
x_refsource_SUSE
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.8
x_refsource_CONFIRM
https://groups.google.com/forum/#%21topic/syzkaller/pAUcHsUJbjk
x_refsource_CONFIRM
RHSA-2017:0086
vendor-advisory
x_refsource_REDHAT
RHSA-2017:0113
vendor-advisory
x_refsource_REDHAT
RHSA-2017:0091
vendor-advisory
x_refsource_REDHAT
94479
vdb-entry
x_refsource_BID
SUSE-SU-2016:3247
vendor-advisory
x_refsource_SUSE
[oss-security] 20161122 CVE Request: Linux: net/sctp: slab-out-of-bounds in sctp_sf_ootb
mailing-list
x_refsource_MLIST
SUSE-SU-2016:3183
vendor-advisory
x_refsource_SUSE
https://bugzilla.redhat.com/show_bug.cgi?id=1397930
x_refsource_CONFIRM
SUSE-SU-2016:3116
vendor-advisory
x_refsource_SUSE
SUSE-SU-2016:3113
vendor-advisory
x_refsource_SUSE
RHSA-2017:0307
vendor-advisory
x_refsource_REDHAT
SUSE-SU-2016:3205
vendor-advisory
x_refsource_SUSE