CVE-2014-4667

CWE-190: Integer Overflow | 14 documents | 8 sources
Severity
5.0 MEDIUM
EPSS
14.1%
top 5.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jul 3
Latest update: May 13

Description

The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (5 packages)

Also affects: Debian Linux 7.0, Ubuntu Linux 12.04

Patches

🔴 Vulnerability Details (3)

GHSA
GHSA-6f8q-p6j4-j3h5: The sctp_association_free function in net/sctp/associola | 2022-05-13
OSV
CVE-2014-4667: The sctp_association_free function in net/sctp/associola | 2014-07-03
CVEList
CVE-2014-4667: The sctp_association_free function in net/sctp/associola | 2014-07-03

📋 Vendor Advisories (8)

Ubuntu
Linux kernel (OMAP4) vulnerabilities | 2014-09-02
Ubuntu
Linux kernel vulnerabilities | 2014-09-02
Ubuntu
Linux kernel (Trusty HWE) vulnerabilities | 2014-09-02
Ubuntu
Linux kernel (EC2) vulnerabilities | 2014-09-02
Ubuntu
Linux kernel vulnerabilities | 2014-09-02

💬 Community (2)

Bugzilla
CVE-2014-4667 kernel: sctp: sk_ack_backlog wrap-around problem [fedora-all] | 2014-06-27
Bugzilla
CVE-2014-4667 kernel: sctp: sk_ack_backlog wrap-around problem | 2014-06-27