Unrated severityNVD Advisory· Published Aug 29, 2013· Updated Apr 29, 2026

CVE-2013-5209

Description

The sctp_send_initiate_ack function in sys/netinet/sctp_output.c in the SCTP implementation in the kernel in FreeBSD 8.3 through 9.2-PRERELEASE does not properly initialize the state-cookie data structure, which allows remote attackers to obtain sensitive information from kernel stack memory by reading packet data in INIT-ACK chunks.

Affected products

FreeBSD/FreeBSD6 versions
cpe:2.3:o:freebsd:freebsd:8.3:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:o:freebsd:freebsd:8.3:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:9.1:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:9.1:p4:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:9.1:p5:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:9.2:prerelease:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

svnweb.freebsd.org/basenvdPatch
www.freebsd.org/security/advisories/FreeBSD-SA-13:10.sctp.ascnvdVendor Advisory
www.securityfocus.com/bid/61939nvd
www.securitytracker.com/id/1028940nvd
bugzilla.mozilla.org/show_bug.cginvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000