Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2014-3673

The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c.

Published

2014-11-10T11:55:06.580

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: COMPLETE
Exploitability Score

10.0

Impact Score

6.9

Weaknesses
  • Type: Primary
    CWE-20
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System linux linux_kernel < 3.2.64 Yes
Operating System linux linux_kernel < 3.4.107 Yes
Operating System linux linux_kernel < 3.10.61 Yes
Operating System linux linux_kernel < 3.12.34 Yes
Operating System linux linux_kernel < 3.14.25 Yes
Operating System linux linux_kernel < 3.16.35 Yes
Operating System linux linux_kernel < 3.17.4 Yes
Operating System redhat enterprise_linux 5.0 Yes
Operating System redhat enterprise_mrg 2.0 Yes
Operating System canonical ubuntu_linux 12.04 Yes
Operating System debian debian_linux 7.0 Yes
Operating System opensuse evergreen 11.4 Yes
Operating System suse linux_enterprise_software_development_kit 12 Yes
Operating System suse linux_enterprise_workstation_extension 12 Yes
Operating System suse suse_linux_enterprise_server 10 Yes
Operating System suse suse_linux_enterprise_server 11 Yes
Operating System suse suse_linux_enterprise_server 11 Yes
Operating System suse suse_linux_enterprise_server 12 Yes
Operating System oracle linux 5 Yes
Operating System oracle linux 6 Yes
Operating System oracle linux 7 Yes
References