CVE-2014-0101
CVSS v2.0: 7.8 (High)
EPSS: 91.79 % (99th)
Affected Products: 27
Advisories: 63
The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk.
Weaknesses
- CWE-476: NULL Pointer Dereference

- CVE Status: PUBLISHED
- CNA: Red Hat, Inc.
- Published Date: 2014-03-11 13:01:06 (10 years ago)
- Updated Date: 2023-02-13 00:32:28 (19 months ago)
Affected Products
- BIG-IP Access Policy Manager
- BIG-IP Advanced Firewall Manager
- BIG-IP Analytics
- BIG-IP Application Acceleration Manager
- BIG-IP Application Security Manager
- BIG-IP Edge Gateway
- BIG-IP Enterprise Manager
- BIG-IP Global Traffic Manager
- BIG-IP Link Controller
- BIG-IP Local Traffic Manager
- BIG-IP Policy Enforcement Manager
- BIG-IP Protocol Security Module
- BIG-IP WAN Optimization Manager
- BIG-IP WebAccelerator
- BIG-IQ ADC
- BIG-IQ Centralized Management
- BIG-IQ Cloud
- BIG-IQ Device
- BIG-IQ Security