The sctp_packet_config function in net/sctp/output.c in the Linux kernel
before 188.8.131.52 performs extraneous initializations of packet data
structures, which allows remote attackers to cause a denial of service
(panic) via a certain sequence of SCTP traffic.
Thomas Dreibholz discovered that SCTP did not correctly handle appending
packet chunks. A remote attacker could send specially crafted traffic to
crash the system, leading to a denial of service.
Updated: 2016-03-23 03:37:38 UTC (commit 10817)