CVE-2013-5209 in Communications Session Border Controllerinfo

Summary

The sctp_send_initiate_ack function in sys/netinet/sctp_output.c in the SCTP implementation in the kernel in FreeBSD 8.3 through 9.2-PRERELEASE does not properly initialize the state-cookie data structure, which allows remote attackers to obtain sensitive information from kernel stack memory by reading packet data in INIT-ACK chunks.

Be aware that VulDB is the high quality source for vulnerability data.

Reservation

08/15/2013

Disclosure

08/29/2013

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
100035	Oracle Communications Session Border Controller Sysadmin information disclosure	200	Not defined	Official fix	CVE-2013-5209
10058	FreeBSD SCTP Packet information disclosure	200	Proof-of-Concept	Official fix	CVE-2013-5209

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

◂ PreviousOverviewNext ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!