CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2006-2272

HIGH
7.8
CVSS Severity Score
EPSS Score0.0890%
EPSS Percentile38.68th
Published2006年5月9日
Last Modified2026年4月16日

Vulnerability Description

Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (kernel panic) via incoming IP fragmented (1) COOKIE_ECHO and (2) HEARTBEAT SCTP control chunks.

Affected Platforms (CPE)

📦
Lksctp

Stream Control Transmission Protocol

<= 2.6.16

References & Advisories

🔗 http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0227.html
🔗 http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=62b08083ec3dbfd7e533c8d230dd1d8191a6e813
🔗 http://labs.musecurity.com/advisories/MU-200605-01.txt
🔗 http://secunia.com/advisories/19990
🔗 http://secunia.com/advisories/20157
🔗 http://secunia.com/advisories/20237
🔗 http://secunia.com/advisories/20398
🔗 http://secunia.com/advisories/20671

相關漏洞威脅

CVE-2009-006510.0

Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel b...

CVE-2008-35267.8

Integer overflow in the sctp_setsockopt_auth_key function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) ...

CVE-2008-46187.8

The Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.27 does not properly handle a protoc...

CVE-2021-230137.5

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 1...