VYPR
Unrated severityNVD Advisory· Published Sep 3, 2008· Updated Jun 16, 2026

CVE-2008-3792

CVE-2008-3792

Description

net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4 does not verify that the SCTP-AUTH extension is enabled before proceeding with SCTP-AUTH API functions, which allows attackers to cause a denial of service (NULL pointer dereference and panic) via vectors that result in calls to (1) sctp_setsockopt_auth_chunk, (2) sctp_setsockopt_hmac_ident, (3) sctp_setsockopt_auth_key, (4) sctp_setsockopt_active_key, (5) sctp_setsockopt_del_key, (6) sctp_getsockopt_maxburst, (7) sctp_getsockopt_active_key, (8) sctp_getsockopt_peer_auth_chunks, or (9) sctp_getsockopt_local_auth_chunks.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Linux/Kernel2 versions
    cpe:2.3:o:linux:linux_kernel:2.6.26.3:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:linux:linux_kernel:2.6.26.3:*:*:*:*:*:*:*
    • (no CPE)range: <2.6.26.4

Patches

Vulnerability mechanics

References

21

News mentions

0

No linked articles in our index yet.