VDB
CVE-2013-4350
CVE-2013-4350
REJECTED
The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel through 3.11.1 uses data structures and function calls that do not trigger an intended configuration of IPsec encryption, which allows remote attackers to obtain sensitive information by sniffing the network.
EPSS 0.28% · 51.7th percentile
Risk Scores
EPSS Score
0.28%
51.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:14.04:LTS | linux | 0, 3.11.0-12.19 |
Exploit Intelligence
- https://github.com/torvalds/linux/commit/95ee62083cb6453e056562d91f597552021e6ae7 (nist-nvd)
- USN-2024-1 (circl)
- [oss-security] 20130913 Re: CVE request -- Linux kernel: net: sctp: ipv6 ipsec encryption bug in sctp_v6_xmit (circl)
- RHSA-2013:1490 (circl)
- USN-2039-1 (circl)
- USN-2022-1 (circl)
- USN-2038-1 (circl)
- USN-2021-1 (circl)
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=95ee62083cb6453e056562d91f597552021e6ae7 (circl)
- USN-2019-1 (circl)
…and 5 more exploits
Timeline
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 3, 2023 EPSS Score
- Feb 8, 2023 EPSS Score
- Feb 13, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2013-4350 third-party-advisory
- http://www.openwall.com/lists/oss-security/2013/09/13 third-party-advisory
- https://ubuntu.com/security/notices/USN-2019-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-2021-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-2022-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-2024-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-2038-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-2039-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-2041-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-2045-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-2050-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-2049-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2013-4350 third-party-advisory