New Search

Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (infinite recursion and crash) via a packet that contains two or more DATA fragments which causes an skb pointer to refer back to itself when the full message is reassembled leading to infinite recursion in the sctp_skb_pull function.

oval:org.mitre.oval:def:9531

Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (infinite recursion and crash) via a packet that contains two or more DATA fragments which causes an skb pointer to refer back to itself when the full message is reassembled leading to infinite recursion in the sctp_skb_pull function.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • Red Hat Enterprise Linux 4
  • Oracle Linux 4
  • CentOS Linux 4
Class:
vulnerability
Reference(s):
  • CVE-2006-2274
Product(s):