Unrated severityNVD Advisory· Published Nov 26, 2010· Updated Apr 29, 2026
CVE-2010-3705
CVE-2010-3705
Description
The sctp_auth_asoc_get_hmac function in net/sctp/auth.c in the Linux kernel before 2.6.36 does not properly validate the hmac_ids array of an SCTP peer, which allows remote attackers to cause a denial of service (memory corruption and panic) via a crafted value in the last element of this array.
Affected products
9cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*+ 5 more
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
13- marc.infonvdMailing ListPatchThird Party Advisory
- lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.htmlnvdThird Party Advisory
- secunia.com/advisories/42745nvdThird Party Advisory
- www.debian.org/security/2010/dsa-2126nvdThird Party Advisory
- www.mandriva.com/security/advisoriesnvdThird Party Advisory
- www.openwall.com/lists/oss-security/2010/10/04/2nvdMailing ListThird Party Advisory
- www.openwall.com/lists/oss-security/2010/10/04/7nvdMailing ListThird Party Advisory
- www.redhat.com/support/errata/RHSA-2010-0842.htmlnvdThird Party Advisory
- www.redhat.com/support/errata/RHSA-2010-0958.htmlnvdThird Party Advisory
- www.ubuntu.com/usn/USN-1000-1nvdThird Party Advisory
- www.vupen.com/english/advisories/2010/3321nvdThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
- www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36nvdBroken Link
News mentions
0No linked articles in our index yet.