CVE-2014-7841

EPSS 18.3%

linux - security update

Published: 11/30/2014Modified: 4/28/2026

Description

The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk.

Affected packages (2)

Debian/linuxfrom 0, < 3.16.7-ckt2-1
Debian/linuxfrom 0, < 3.2.63-2+deb7u2

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-7841