Vulnerability Description
Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (infinite recursion and crash) via a packet that contains two or more DATA fragments, which causes an skb pointer to refer back to itself when the full message is reassembled, leading to infinite recursion in the sctp_skb_pull function.
CVSS Score
5.0 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lksctp | Stream Control Transmission Protocol | 2.6.17 |
References
- http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%
- http://secunia.com/advisories/20237
- http://secunia.com/advisories/20398
- http://secunia.com/advisories/20671
- http://secunia.com/advisories/20716
- http://secunia.com/advisories/20914
- http://secunia.com/advisories/21045
- http://secunia.com/advisories/21476
- http://secunia.com/advisories/21745
- http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm
- http://www.debian.org/security/2006/dsa-1097
- http://www.debian.org/security/2006/dsa-1103
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:123
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:150
- http://www.novell.com/linux/security/advisories/2006-05-31.html
FAQ
What is CVE-2006-2274?
CVE-2006-2274 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (infinite recursion and crash) via a packet that contains two or more DATA fragments, which causes an skb pointer...
How severe is CVE-2006-2274?
CVE-2006-2274 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-2274?
Check the references section above for vendor advisories and patch information. Affected products include: Lksctp Stream Control Transmission Protocol.