PT-2021-7751 · Linux+9
Published: 2021-09-08 · Updated: 2023-08-14 · CVE-2021-3772
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
Name of the Vulnerable Software and Affected Versions
Linux (affected versions not specified)
Description
A flaw was found in the Linux SCTP stack that allows a blind attacker to kill an existing SCTP association through invalid chunks if the attacker knows the IP addresses and port numbers being used and can send packets with spoofed IP addresses. The vulnerability is related to the lack of verification tag (VTAG) verification in received user blocks and the incorrect use of the ABORT flag in response to these blocks. A remote attacker can exploit this to cause a denial of service by closing the connection.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration
Related Identifiers
Affected Products
ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux
Linux Mint
Red Hat
Rocky Linux
SUSE
Ubuntu