FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- SCTP stream reset vulnerability

Affected packages
10.1 <= FreeBSD-kernel < 10.1_5
10.0 <= FreeBSD-kernel < 10.0_17
9.3 <= FreeBSD-kernel < 9.3_9
8.4 <= FreeBSD-kernel < 8.4_23

Details

VuXML ID 0aad3ce5-600a-11e6-a6c3-14dae9d210b8
Discovery 2015-01-27
Entry 2016-08-11

Problem Description:

The input validation of received SCTP RE_CONFIG chunks is insufficient and can result in a NULL pointer dereference later.

Impact:

A remote attacker who can send a malformed SCTP packet to a FreeBSD system that serves SCTP can cause a kernel panic, resulting in a Denial of Service.

References

CVE Name CVE-2014-8613
FreeBSD Advisory SA-15:03.sctp