Detections
Analytics
CVE-2006-2274
high
Description
Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (infinite recursion and crash) via a packet that contains two or more DATA fragments, which causes an skb pointer to refer back to itself when the full message is reassembled, leading to infinite recursion in the sctp_skb_pull function.
References
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9531
https://exchange.xforce.ibmcloud.com/vulnerabilities/26432
http://www.vupen.com/english/advisories/2006/2554
http://www.ubuntu.com/usn/usn-302-1
http://www.trustix.org/errata/2006/0026
http://www.securityfocus.com/bid/17955
http://www.redhat.com/support/errata/RHSA-2006-0493.html
http://www.novell.com/linux/security/advisories/2006-05-31.html
http://www.mandriva.com/security/advisories?name=MDKSA-2006:150
http://www.mandriva.com/security/advisories?name=MDKSA-2006:123
http://www.debian.org/security/2006/dsa-1103
http://www.debian.org/security/2006/dsa-1097
http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm
http://secunia.com/advisories/21745
http://secunia.com/advisories/21476
http://secunia.com/advisories/21045
http://secunia.com/advisories/20914
http://secunia.com/advisories/20716
http://secunia.com/advisories/20671
http://secunia.com/advisories/20398