CVE-2008-3526

Priority
Description
Integer overflow in the sctp_setsockopt_auth_key function in
net/sctp/socket.c in the Stream Control Transmission Protocol (sctp)
implementation in the Linux kernel 2.6.24-rc1 through 2.6.26.3 allows
remote attackers to cause a denial of service (panic) or possibly have
unspecified other impact via a crafted sca_keylength field associated with
the SCTP_AUTH_KEY option.
Ubuntu-Description
It was discovered that the Stream Control Transmission Protocol (SCTP)
did not correctly validate the key length in the SCTP_AUTH_KEY option.
If SCTP is in use, a remote attacker could send specially crafted network
traffic that would crash the system, leading to a denial of service.
Assigned-to
smb_tp
Notes
Package
Upstream:needed
Package
Upstream:needed
Package
Upstream:needed
More Information

Updated: 2020-09-10 00:44:07 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)