CVE-2010-3705

CVSS v2.0 8.3 (High)

EPSS 0.65 % (80^th)

Affected Products 4

Advisories 13

The sctp_auth_asoc_get_hmac function in net/sctp/auth.c in the Linux kernel before 2.6.36 does not properly validate the hmac_ids array of an SCTP peer, which allows remote attackers to cause a denial of service (memory corruption and panic) via a crafted value in the last element of this array.

Weaknesses

CWE-400: Uncontrolled Resource Consumption

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2010-11-26 20:00:02
(14 years ago)
Updated Date: 2023-02-13 04:25:51
(19 months ago)

Affected Products

Configuration #1

		CPE23	From	Up To
	Linux Kernel prior 2.6.36 version	cpe:2.3:o:linux:linux_kernel		< 2.6.36

Configuration #2

		CPE23	From	Up To
	Fedoraproject Fedora 13	cpe:2.3:o:fedoraproject:fedora:13

Configuration #3

		CPE23	From	Up To
	Debian Linux 5.0	cpe:2.3:o:debian:debian_linux:5.0

Configuration #4

		CPE23	From	Up To
	Canonical Ubuntu Linux 6.06	cpe:2.3:o:canonical:ubuntu_linux:6.06
	Canonical Ubuntu Linux 8.04	cpe:2.3:o:canonical:ubuntu_linux:8.04:::*:-
	Canonical Ubuntu Linux 9.04	cpe:2.3:o:canonical:ubuntu_linux:9.04
	Canonical Ubuntu Linux 9.10	cpe:2.3:o:canonical:ubuntu_linux:9.10
	Canonical Ubuntu Linux 10.04	cpe:2.3:o:canonical:ubuntu_linux:10.04:::*:-
	Canonical Ubuntu Linux 10.10	cpe:2.3:o:canonical:ubuntu_linux:10.10

Weaknesses

Affected Products

Canonical

Debian

Fedoraproject

Linux

Configuration #1

Configuration #2

Configuration #3

Configuration #4