CVE-2014-3687
published 2014-11-10CVE-2014-3687: The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to…
high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter.
Affected
26 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | linux | < linux 3.16.7-1 (bookworm) | linux 3.16.7-1 (bookworm) |
| linux | linux_kernel | >= 0 < 3.16.7-1 | 3.16.7-1 |
| linux | linux_kernel | >= 0 < 3.16.7-1 | 3.16.7-1 |
| linux | linux_kernel | >= 0 < 3.16.7-1 | 3.16.7-1 |
| linux | linux_kernel | >= 0 < 3.16.7-1 | 3.16.7-1 |
| linux | linux_kernel | >= 0 < 3.13.0-43.72 | 3.13.0-43.72 |
| linux | linux_kernel | >= 2.6.27 < 3.2.64 | 3.2.64 |
| linux | linux_kernel | >= 3.11 < 3.12.34 | 3.12.34 |
| linux | linux_kernel | >= 3.13 < 3.14.25 | 3.14.25 |
| linux | linux_kernel | >= 3.15 < 3.16.35 | 3.16.35 |
| linux | linux_kernel | >= 3.17 < 3.17.4 | 3.17.4 |
| linux | linux_kernel | >= 3.3 < 3.4.107 | 3.4.107 |
| linux | linux_kernel | >= 3.5 < 3.10.61 | 3.10.61 |
| novell | suse_linux_enterprise_desktop | — | — |
| novell | suse_linux_enterprise_server | — | — |
| opensuse | evergreen | — | — |
| oracle | linux | — | — |
| oracle | linux | — | — |
| oracle | linux | — | — |
| redhat | enterprise_mrg | — | — |
| suse | linux_enterprise_real_time_extension | — | — |
| suse | linux_enterprise_software_development_kit | — | — |
| suse | linux_enterprise_workstation_extension | — | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv7.5HIGH