PT-2014-6269 · Linux+5 · Linux Kernel+5

Jason Gunthorpe · Published 2014-08-01 · Updated 2023-05-19 · CVE-2014-5077

CVSS v2.0 7.1 High
Vector AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 3.15.9

Description

When SCTP authentication is enabled, the issue allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS). It is triggered by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks that establishes an earlier association between the same endpoints in the opposite direction.

Recommendations

For Linux kernel versions prior to 3.15.9, update to version 3.15.9 or later to resolve the issue.

Exploit

Fix

DoS

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

ALT-PU-2014-1981
ALT-PU-2014-1982
ALT-PU-2014-1983
ALT-PU-2014-2009
ALT-PU-2014-2043
CESA-2014_1392
CESA-2014_1724
CVE-2014-5077
DLA-103-1
MGASA-2014-0316
MGASA-2014-0318
MGASA-2014-0336
MGASA-2014-0337
OPENSUSE-SU-2014_1669-1
OPENSUSE-SU-2014_1677-1
RHSA-2014:1083
RHSA-2014:1392
RHSA-2014:1668
RHSA-2014:1724
RHSA-2014:1763
RHSA-2014:1872
RHSA-2014_1392
RHSA-2014_1724
SUSE-RU-2015:0621-1
SUSE-SU-2015:0481-1
SUSE-SU-2015:0581-1
SUSE-SU-2015:0652-1
SUSE-SU-2015:0736-1
SUSE-SU-2015:1174-1
SUSE-SU-2015:1376-1
USN-2332-1
USN-2333-1
USN-2334-1
USN-2335-1
USN-2358-1
USN-2359-1

Affected Products

ALT Linux
CentOS
Linux Kernel
Red Hat
SUSE
Ubuntu