CVE-2014-3673

Published: Nov 10, 2014Modified: May 6, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c.

Affected (21)

Products: Linux: Linux Kernel · Redhat: Enterprise Linux, Enterprise Mrg · Canonical: Ubuntu Linux · +4 more

Show all products

Linux: Linux Kernel · Redhat: Enterprise Linux, Enterprise Mrg · Canonical: Ubuntu Linux · Debian: Debian Linux · Opensuse: Evergreen · Suse: Linux Enterprise Software Development Kit, Linux Enterprise Workstation Extension, Suse Linux Enterprise Server · Oracle: Linux

1 product

2 products

1 product

1 product

1 product

3 products

Linux Enterprise Software Development Kit

Linux Enterprise Workstation Extension

Suse Linux Enterprise Server

Oracle

1 product

Linux

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 2.6.12 to 3.2.64
Linux Linux Kernel	From 3.11 to 3.12.34
Linux Linux Kernel	From 3.13 to 3.14.25
Linux Linux Kernel	From 3.15 to 3.16.35
Linux Linux Kernel	From 3.17 to 3.17.4
Linux Linux Kernel	From 3.3 to 3.4.107
Linux Linux Kernel	From 3.5 to 3.10.61

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 5.0
Redhat Enterprise Mrg	Version 2.0

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 7.0

Configuration E

7 vulnerable

Vulnerable Software	Affected Versions
Opensuse Evergreen	Version 11.4
Suse Linux Enterprise Software Development Kit	Version 12
Suse Linux Enterprise Workstation Extension	Version 12
Suse Suse Linux Enterprise Server	Version 10 sp4
Suse Suse Linux Enterprise Server	Version 11 sp1
Suse Suse Linux Enterprise Server	Version 11 sp2
Suse Suse Linux Enterprise Server	Version 12

Configuration F

3 vulnerable

Vulnerable Software	Affected Versions
Oracle Linux	Version 5
Oracle Linux	Version 6
Oracle Linux	Version 7

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (40)

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9de7922bc709eee2f609cd01d98aaedc4cf5ea74

Source: secalert@redhat.com

http://linux.oracle.com/errata/ELSA-2014-3087.html

Source: secalert@redhat.com

Third Party Advisory

http://linux.oracle.com/errata/ELSA-2014-3088.html

Source: secalert@redhat.com

Third Party Advisory

http://linux.oracle.com/errata/ELSA-2014-3089.html

Source: secalert@redhat.com

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://marc.info/?l=bugtraq&m=142722450701342&w=2

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://marc.info/?l=bugtraq&m=142722544401658&w=2

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-0062.html

Source: secalert@redhat.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-0115.html

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/62428

Source: secalert@redhat.com

Broken Link

http://www.debian.org/security/2014/dsa-3060

Source: secalert@redhat.com

Third Party Advisory

http://www.securityfocus.com/bid/70883

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-2417-1

Source: secalert@redhat.com

Third Party Advisory

http://www.ubuntu.com/usn/USN-2418-1

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1147850

Source: secalert@redhat.com

ExploitIssue TrackingThird Party Advisory

https://github.com/torvalds/linux/commit/9de7922bc709eee2f609cd01d98aaedc4cf5ea74

Source: secalert@redhat.com

ExploitPatchThird Party Advisory

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9de7922bc709eee2f609cd01d98aaedc4cf5ea74