CVE-2014-5077

CVSS v2.0 7.1 (High)
EPSS 2.50% (90th percentile)
Affected Products 8
Advisories 41

The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction.

Weaknesses: CWE-476 (NULL Pointer Dereference)
CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2014-08-01 11:13:09 (10 years ago)
Updated Date: 2023-05-19 16:50:38 (16 months ago)

Affected Products


Configuration #1

  Product | CPE23 | From | Up To
  Linux Kernel from version 2.6.24 and prior to version 3.2.63 | cpe:2.3:o:linux:linux_kernel | >= 2.6.24 | < 3.2.63
  Linux Kernel from version 3.3 and prior to version 3.4.103 | cpe:2.3:o:linux:linux_kernel | >= 3.3 | < 3.4.103
  Linux Kernel from version 3.5 and prior to version 3.10.53 | cpe:2.3:o:linux:linux_kernel | >= 3.5 | < 3.10.53
  Linux Kernel from version 3.11 and prior to version 3.12.27 | cpe:2.3:o:linux:linux_kernel | >= 3.11 | < 3.12.27
  Linux Kernel from version 3.13 and prior to version 3.14.17 | cpe:2.3:o:linux:linux_kernel | >= 3.13 | < 3.14.17
  Linux Kernel from version 3.15 and prior to version 3.15.10 | cpe:2.3:o:linux:linux_kernel | >= 3.15 | < 3.15.10

Configuration #2

  Product | CPE23 | From | Up To
  SUSE Linux Enterprise Desktop 11 SP3 | cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3 | - | -
  SUSE Linux Enterprise Real Time Extension 11 SP3 | cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp3 | - | -
  SUSE Linux Enterprise Server 11 SP3 | cpe:2.3:o:suse:linux_enterprise_server:11:sp3 | - | -
  SUSE Linux Enterprise Server 11 SP3 for VMware | cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware | - | -

Configuration #3

  Product | CPE23 | From | Up To
  Red Hat Enterprise Linux EUS 6.5 | cpe:2.3:o:redhat:enterprise_linux_eus:6.5 | - | -
  Red Hat Enterprise Linux Server AUS 6.2 | cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2 | - | -
  Red Hat Enterprise Linux Server AUS 6.5 | cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5 | - | -
  Red Hat Enterprise Linux Server TUS 6.5 | cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5 | - | -

Configuration #4

  Product | CPE23 | From | Up To
  Canonical Ubuntu Linux 12.04 | cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm | - | -
  Canonical Ubuntu Linux 14.04 | cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm | - | -