Lucene search

[email protected]NVD:CVE-2021-3772

HistoryMar 02, 2022 - 11:15 p.m.

CVE-2021-3772

2022-03-0223:15:09

CWE-354

[email protected]

web.nvd.nist.gov

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

0.004 Low

EPSS

Percentile

72.8%

JSON

A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses.

Affected configurations

NVD

Node

linuxlinux_kernelRange<5.15.0

Node

redhatenterprise_linuxMatch8.0

Node

debiandebian_linuxMatch9.0

debiandebian_linuxMatch10.0

Node

oraclecommunications_cloud_native_core_binding_support_functionMatch22.1.3

oraclecommunications_cloud_native_core_network_exposure_functionMatch22.1.1

oraclecommunications_cloud_native_core_policyMatch22.2.0

Node

netappe-series_santricity_os_controllerMatch11.0

netappe-series_santricity_os_controllerMatch11.0.0

netappe-series_santricity_os_controllerMatch11.20

netappe-series_santricity_os_controllerMatch11.25

netappe-series_santricity_os_controllerMatch11.30

netappe-series_santricity_os_controllerMatch11.30.5r3

netappe-series_santricity_os_controllerMatch11.40

netappe-series_santricity_os_controllerMatch11.40.3r2

netappe-series_santricity_os_controllerMatch11.40.5

netappe-series_santricity_os_controllerMatch11.50.1

netappe-series_santricity_os_controllerMatch11.50.2-

netappe-series_santricity_os_controllerMatch11.50.2p1

netappe-series_santricity_os_controllerMatch11.60

netappe-series_santricity_os_controllerMatch11.60.0

netappe-series_santricity_os_controllerMatch11.60.1

netappe-series_santricity_os_controllerMatch11.60.3

netappe-series_santricity_os_controllerMatch11.70.1

netappe-series_santricity_os_controllerMatch11.70.2

netappsolidfire_\&_hci_management_nodeMatch-

netappsolidfire_\&_hci_storage_nodeMatch-

netapphci_compute_nodeMatch-

Node

netapph300s_firmwareMatch-

AND

netapph300sMatch-

Node

netapph500s_firmwareMatch-

AND

netapph500sMatch-

Node

netapph700s_firmwareMatch-

AND

netapph700sMatch-

Node

netapph410s_firmwareMatch-

AND

netapph410sMatch-

Node

netapph410c_firmwareMatch-

AND

netapph410cMatch-

Node

netapph610c_firmwareMatch-

AND

netapph610cMatch-

Node

netapph610s_firmwareMatch-

AND

netapph610sMatch-

Node

netapph615c_firmwareMatch-

AND

netapph615cMatch-

References

bugzilla.redhat.com/show_bug.cgi?id=2000694

git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=32f8807a48ae55be0e76880cfe8607a18b5bb0df

github.com/torvalds/linux/commit/32f8807a48ae55be0e76880cfe8607a18b5bb0df

lists.debian.org/debian-lts-announce/2022/03/msg00012.html

security.netapp.com/advisory/ntap-20221007-0001/

ubuntu.com/security/CVE-2021-3772

www.debian.org/security/2022/dsa-5096

www.oracle.com/security-alerts/cpujul2022.html

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

0.004 Low

EPSS

Percentile

72.8%

JSON

Related for NVD:CVE-2021-3772

prion1 ubuntucve1 cbl_mariner1 veracode1 cve1 debiancve1 redhatcve1 cvelist1 osv13 ibm1 fedora1 nessus60 amazon4 openvas45 oraclelinux2 mageia2 ubuntu7 suse6 photon2 slackware1 rocky2 almalinux1 redhat7 debian2 oracle1