← Back

CVE-2014-3687

nvd nist
Published: Nov 10, 2014Modified: May 6, 2026

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter.

Affected (20)

Show all products
Linux: Linux Kernel · Redhat: Enterprise Mrg · Canonical: Ubuntu Linux · Debian: Debian Linux · Novell: Suse Linux Enterprise Desktop, Suse Linux Enterprise Server · Opensuse: Evergreen · Suse: Linux Enterprise Real Time Extension, Linux Enterprise Software Development Kit, Linux Enterprise Workstation Extension, Suse Linux Enterprise Server · Oracle: Linux
Linux
1 product
Linux Kernel
Redhat
1 product
Enterprise Mrg
Canonical
1 product
Ubuntu Linux
Debian
1 product
Debian Linux
Novell
2 products
Suse Linux Enterprise Desktop
Suse Linux Enterprise Server
Opensuse
1 product
Evergreen
Suse
4 products
Linux Enterprise Real Time Extension
Linux Enterprise Software Development Kit
Linux Enterprise Workstation Extension
Suse Linux Enterprise Server
Oracle
1 product
Linux
Configuration A
7 vulnerable
Vulnerable SoftwareAffected Versions
Linux
Linux Kernel
From 2.6.27 to 3.2.64
Linux Kernel
From 3.11 to 3.12.34
Linux Kernel
From 3.13 to 3.14.25
Linux Kernel
From 3.15 to 3.16.35
Linux Kernel
From 3.17 to 3.17.4
Linux Kernel
From 3.3 to 3.4.107
Linux Kernel
From 3.5 to 3.10.61
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Enterprise Mrg
Version 2.0
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Ubuntu Linux
Version 12.04
Configuration D
8 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 7.0
Suse Linux Enterprise Desktop
Version 12.0
Suse Linux Enterprise Server
Version 12.0
Evergreen
Version 11.4
Linux Enterprise Real Time Extension
Version 11 sp3
Linux Enterprise Software Development Kit
Version 12
Linux Enterprise Workstation Extension
Version 12
Suse Linux Enterprise Server
Version 11 sp2
Configuration E
3 vulnerable
Vulnerable SoftwareAffected Versions
Oracle
Linux
Version 5
Linux
Version 6
Linux
Version 7

Related CWEs

CWE-400
Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (44)

Source: secalert@redhat.com
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Broken Link
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party AdvisoryVDB Entry
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Issue TrackingPatchThird Party Advisory
Source: secalert@redhat.com
ExploitPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitPatchThird Party Advisory

Timeline

No history available yet.