CVE-2008-2826

Linux Kernel < 2.6.25.9 - Integer Overflow

Title source: rule

Description

Integer overflow in the sctp_getsockopt_local_addrs_old function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) functionality in the Linux kernel before 2.6.25.9 allows local users to cause a denial of service (resource consumption and system outage) via vectors involving a large addr_num field in an sctp_getaddrs_old data structure.

References (23)

... and 3 more

Scores

EPSS 0.0015
EPSS Percentile 35.6%

Classification

CWE
CWE-190
Status draft

Affected Products (8)

linux/linux_kernel < 2.6.25.9
opensuse/opensuse
opensuse/opensuse
debian/debian_linux
canonical/ubuntu_linux
canonical/ubuntu_linux
canonical/ubuntu_linux
canonical/ubuntu_linux

Timeline

Published Jul 02, 2008
Tracked Since Feb 18, 2026