CVE-2019-8956

CVSS v3.1 7.8 (High)
CVSS v2.0 7.2 (High)
EPSS 0.05% (21st)
Affected Products 2
Advisories 2

In the Linux kernel before versions 4.20.8 and 4.19.21, a use-after-free error in the "sctp_sendmsg()" function (net/sctp/socket.c) when handling the SCTP_SENDALL flag can be exploited to corrupt memory.

Weaknesses
CWE-416: Use After Free
CWE-787: Out-of-bounds Write

CVE Status: PUBLISHED
CNA: Flexera Software LLC
Published Date: 2019-04-01 19:29:01 (5 years ago)
Updated Date: 2023-02-24 18:43:10 (19 months ago)

Affected Products

Configuration #1

  Product                                                    CPE23                           From      Up To
  Linux Kernel from 4.17 version and prior 4.19.21 version   cpe:2.3:o:linux:linux_kernel    >= 4.17   < 4.19.21
  Linux Kernel from 4.20 version and prior 4.20.8 version    cpe:2.3:o:linux:linux_kernel    >= 4.20   < 4.20.8

Configuration #2

  Product                        CPE23                                              From   Up To
  Canonical Ubuntu Linux 18.04   cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts
  Canonical Ubuntu Linux 18.10   cpe:2.3:o:canonical:ubuntu_linux:18.10