Marcelo Ricardo Leitner

5 exploits, active since Aug 2015
CVE-2015-3212 WRITEUP
Linux Kernel < 4.1.2 - DoS
Race condition in net/sctp/socket.c in the Linux kernel before 4.1.2 allows local users to cause a denial of service (list corruption and panic) via a rapid series of system calls related to sockets, as demonstrated by setsockopt calls.
CVE-2015-5283 WRITEUP
Linux Kernel < 4.2.3 - DoS
The sctp_init function in net/sctp/protocol.c in the Linux kernel before 4.2.3 has an incorrect sequence of protocol-initialization steps, which allows local users to cause a denial of service (panic or memory corruption) by creating SCTP sockets before all of the steps have finished.
CVE-2016-9555 WRITEUP CRITICAL
Linux Kernel < 3.2.85 - Out-of-Bounds Read
The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data.
CVSS 9.8
CVE-2017-5986 WRITEUP MEDIUM
Linux Kernel < 4.9.11 - Race Condition
Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state.
CVSS 5.5
CVE-2017-6353 WRITEUP MEDIUM
Linux Kernel < 4.10 - Double Free
net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986.
CVSS 5.5