CVE-2021-3772

Summary

A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses.

Affected Software

VendorProductVersion RangeStatus
n/akernelFixed in linux kernel v5.15 and aboveaffected

Weaknesses

  • CWE-354: CWE-354 - Improper Validation of Integrity Check Value

ADP Enrichment

CVE Program Container

Additional References

References