4.9 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C
0.0004 Low
EPSS
Percentile
10.1%
Integer overflow in the sctp_getsockopt_local_addrs_old function in
net/sctp/socket.c in the Stream Control Transmission Protocol (sctp)
functionality in the Linux kernel before 2.6.25.9 allows local users to
cause a denial of service (resource consumption and system outage) via
vectors involving a large addr_num field in an sctp_getaddrs_old data
structure.
Author | Note |
---|---|
kees | linux-2.6: 735ce972fbc8a65fb17788debd7bbe7b4383cc62 was reported at one point as CVE-2008-2372 |