VDB
CVE-2008-4618
CVE-2008-4618
PUBLISHED
CVSS 7.800000190734863 HIGH
The Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.27 does not properly handle a protocol violation in which a parameter has an invalid length, which allows attackers to cause a denial of service (panic) via unspecified vectors, related to sctp_sf_violation_paramlen, sctp_sf_abort_violation, sctp_make_abort_violation, and incorrect data types in function calls.
EPSS 1.01% · 77.5th percentile
Risk Scores
CVSS 2.0
7.800000190734863
EPSS Score
1.01%
77.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| linux | linux_kernel | 2.6.25.12, 2.2.27, 0 |
| n/a | n/a | * |
Exploit Intelligence
- 32998 (circl)
- http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git%3Ba=commit%3Bh=ba0166708ef4da7eeb61dd92bbba4d5a749d6561 (circl)
- RHSA-2009:0009 (circl)
- SUSE-SA:2008:053 (circl)
- 33586 (circl)
- [oss-security] 20081006 CVE request: kernel: sctp: Fix kernel panic while process protocol violation parameter (circl)
- 32918 (circl)
- USN-679-1 (circl)
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27 (circl)
- 31848 (circl)
…and 1 more exploits
Timeline
- Oct 20, 2008 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
References
- 32998 third-party-advisory
- http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git%3Ba=commit%3Bh=ba0166708ef4da7eeb61dd92bbba4d5a749d6561 url
- RHSA-2009:0009 vendor-advisory
- SUSE-SA:2008:053 vendor-advisory
- 33586 third-party-advisory
- [oss-security] 20081006 CVE request: kernel: sctp: Fix kernel panic while process protocol violation parameter mailing-list
- 32918 third-party-advisory
- USN-679-1 vendor-advisory
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27 url
- 31848 vdb
- DSA-1681 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2008-4618 advisory
- http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=ba0166708ef4da7eeb61dd92bbba4d5a749d6561 url