CVE-2008-2826

Priority
Description
Integer overflow in the sctp_getsockopt_local_addrs_old function in
net/sctp/socket.c in the Stream Control Transmission Protocol (sctp)
functionality in the Linux kernel before 2.6.25.9 allows local users to
cause a denial of service (resource consumption and system outage) via
vectors involving a large addr_num field in an sctp_getaddrs_old data
structure.
Ubuntu-Description
Gabriel Campana discovered that SCTP routines did not correctly check
for large addresses. A local user could exploit this to allocate all
available memory, leading to a denial of service.
Assigned-to
kees
Notes
kees> linux-2.6: 735ce972fbc8a65fb17788debd7bbe7b4383cc62
was reported at one point as CVE-2008-2372
Package
Source: linux (LP Ubuntu Debian)
Upstream: released
Package
Upstream: needed
Package
Upstream: needed
Package
Upstream: needed
More Information

Updated: 2019-12-05 20:49:34 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)