Vulnerability Details : CVE-2006-2274
Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (infinite recursion and crash) via a packet that contains two or more DATA fragments, which causes an skb pointer to refer back to itself when the full message is reassembled, leading to infinite recursion in the sctp_skb_pull function.
Vulnerability category: Denial of service
Products affected by CVE-2006-2274
- cpe:2.3:a:lksctp:stream_control_transmission_protocol:2.6.17:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-2274
- EPSS score: 19.73% (probability of exploitation activity in the next 30 days)
- Percentile: ~96% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2006-2274
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
References for CVE-2006-2274
- http://www.ubuntu.com/usn/usn-302-1 (USN-302-1: Linux kernel vulnerabilities | Ubuntu security notices | Ubuntu)
- http://www.novell.com/linux/security/advisories/2006-05-31.html
- http://www.vupen.com/english/advisories/2006/2554
- http://www.securityfocus.com/bid/17955
- http://www.redhat.com/support/errata/RHSA-2006-0493.html
- http://www.debian.org/security/2006/dsa-1103
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26432
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9531
- http://www.trustix.org/errata/2006/0026 (Trustix | Empowering Trust and Security in the Digital Age)
- http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:123
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:150
- http://www.debian.org/security/2006/dsa-1097
- http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=672e7cca17ed6036a1756ed34cf20dbd72d5e5f6