CVE - CVE-2014-5077

CVE-ID
CVE-2014-5077	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1030681 URL:http://www.securitytracker.com/id/1030681 MISC:59777 URL:http://secunia.com/advisories/59777 MISC:60430 URL:http://secunia.com/advisories/60430 MISC:60545 URL:http://secunia.com/advisories/60545 MISC:60564 URL:http://secunia.com/advisories/60564 MISC:60744 URL:http://secunia.com/advisories/60744 MISC:62563 URL:http://secunia.com/advisories/62563 MISC:68881 URL:http://www.securityfocus.com/bid/68881 MISC:RHSA-2014:1083 URL:http://rhn.redhat.com/errata/RHSA-2014-1083.html MISC:RHSA-2014:1668 URL:http://rhn.redhat.com/errata/RHSA-2014-1668.html MISC:RHSA-2014:1763 URL:http://rhn.redhat.com/errata/RHSA-2014-1763.html MISC:SUSE-SU-2014:1316 URL:http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html MISC:SUSE-SU-2014:1319 URL:http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html MISC:USN-2334-1 URL:http://www.ubuntu.com/usn/USN-2334-1 MISC:USN-2335-1 URL:http://www.ubuntu.com/usn/USN-2335-1 MISC:USN-2358-1 URL:http://www.ubuntu.com/usn/USN-2358-1 MISC:USN-2359-1 URL:http://www.ubuntu.com/usn/USN-2359-1 MISC:[oss-security] 20140725 Re: CVE request Linux Kernel: net: SCTP: NULL pointer dereference URL:http://www.openwall.com/lists/oss-security/2014/07/26/1 MISC:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1be9a950c646c9092fb3618197f7b6bfb50e82aa URL:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1be9a950c646c9092fb3618197f7b6bfb50e82aa MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1122982 URL:https://bugzilla.redhat.com/show_bug.cgi?id=1122982 MISC:https://github.com/torvalds/linux/commit/1be9a950c646c9092fb3618197f7b6bfb50e82aa URL:https://github.com/torvalds/linux/commit/1be9a950c646c9092fb3618197f7b6bfb50e82aa MISC:linux-kernel-cve20145077-dos(95134) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/95134
Assigning CNA
Red Hat, Inc.
Date Record Created
20140724	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20140724)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)

Use of the CVE® List and the associated references from this website are subject to the terms of use. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2024, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation.