path: root/retired/CVE-2017-7558
blob: 75035d11e3f3239efb0205543a2532e88d5a2575
Description: sctp: out-of-bounds read in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info()
References:
 http://www.openwall.com/lists/oss-security/2017/08/23/1
 https://marc.info/?t=150348787500002&r=1&w=2
Notes:
 carnil> proposed patch in https://marc.info/?l=linux-netdev&m=150348777122761&w=2
 carnil> the bug is said to be present from 4.7-rc1 onwards, but needs to be
 carnil> checked if we have otherwise backported the issue
 bwh> The sctp_diag code was added in 4.7 and we did not backport it.
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=1480266
upstream: released (4.13) [ee6c88bb754e3d363e568da78086adfedb692447]
4.9-upstream-stable: released (4.9.51) [08d56d8a99bb82e134ba7704e4cfdabbcc16fc4f]
3.16-upstream-stable: N/A "Vulnerable code not present"
3.2-upstream-stable: N/A "Vulnerable code not present"
sid: released (4.12.13-1) [bugfix/all/sctp-Avoid-out-of-bounds-reads-from-address-storage.patch]
4.9-stretch-security: released (4.9.30-2+deb9u4) [bugfix/all/sctp-Avoid-out-of-bounds-reads-from-address-storage.patch]
3.16-jessie-security: N/A "Vulnerable code not present"
3.2-wheezy-security: N/A "Vulnerable code not present"
