CVE-2008-3526 in Kernelinfo

Summary

Integer overflow in the sctp_setsockopt_auth_key function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel 2.6.24-rc1 through 2.6.26.3 allows remote attackers to cause a denial of service (panic) or possibly have unspecified other impact via a crafted sca_keylength field associated with the SCTP_AUTH_KEY option.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Reservation

08/07/2008

Disclosure

08/27/2008

Moderation

VulDB entry created

Entries

VDB-43811 (1)

CPE

ready

CWE

CWE-189 (Confirmed)

CVSS

7.5

EPSS

0.01908

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2008-3526
NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-3526
CVE Details	https://www.cvedetails.com/cve/CVE-2008-3526/

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!