Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2013-5209HistoryAug 29, 2013 - 12:07 p.m.
CVE-2013-5209
2013-08-2912:07:56
Debian Security Bug Tracker
security-tracker.debian.org
10
7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:C/I:N/A:N
0.003 Low
EPSS
Percentile
71.7%
The sctp_send_initiate_ack function in sys/netinet/sctp_output.c in the SCTP implementation in the kernel in FreeBSD 8.3 through 9.2-PRERELEASE does not properly initialize the state-cookie data structure, which allows remote attackers to obtain sensitive information from kernel stack memory by reading packet data in INIT-ACK chunks.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 10 | all | kfreebsd-10 | < 10.0~svn254663-1 | kfreebsd-10_10.0~svn254663-1_all.deb |
Related
nessus
nessus
nvd
nvd
CVE-2013-5209
2013-08-29 12:07:56
prion
prion
Stack overflow
2013-08-29 12:07:00
ubuntucve
ubuntucve
CVE-2013-5209
2013-08-29 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-13:10.sctp
2013-08-22 00:00:00
cve
cve
CVE-2013-5209
2013-08-29 12:07:56
freebsd
freebsd
FreeBSD -- Kernel memory disclosure in sctp(4)
2013-08-22 00:00:00
securityvulns
securityvulns
FreeBSD information leakage
2013-08-28 00:00:00
FreeBSD Security Advisory FreeBSD-SA-13:10.sctp
2013-08-28 00:00:00
cvelist
cvelist
CVE-2013-5209
2013-08-29 10:00:00
osv
osv
kfreebsd-9 - several
2013-08-27 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-2743-1)
2013-08-26 00:00:00
debian
debian
[SECURITY] [DSA 2743-1] kfreebsd-9 security update
2013-08-27 00:22:20
oracle
oracle
Oracle Critical Patch Update Advisory - April 2017
2017-04-18 00:00:00
7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:C/I:N/A:N
0.003 Low
EPSS
Percentile
71.7%
Related for DEBIANCVE:CVE-2013-5209