CVE-2006-2274

N/A Unknown

Published: May 09, 2006 Modified: April 16, 2026

Description

Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (infinite recursion and crash) via a packet that contains two or more DATA fragments, which causes an skb pointer to refer back to itself when the full message is reassembled, leading to infinite recursion in the sctp_skb_pull function.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=672e7cca17ed6036a1756ed34cf20dbd72d5e5f6

Source: cve@mitre.org

http://secunia.com/advisories/20237

Source: cve@mitre.org

http://secunia.com/advisories/20398

Source: cve@mitre.org

http://secunia.com/advisories/20671

Source: cve@mitre.org

http://secunia.com/advisories/20716

Source: cve@mitre.org

http://secunia.com/advisories/20914

Source: cve@mitre.org

http://secunia.com/advisories/21045

Source: cve@mitre.org

http://secunia.com/advisories/21476

Source: cve@mitre.org

http://secunia.com/advisories/21745

Source: cve@mitre.org

http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm

Source: cve@mitre.org

http://www.debian.org/security/2006/dsa-1097

Source: cve@mitre.org

http://www.debian.org/security/2006/dsa-1103

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDKSA-2006:123

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDKSA-2006:150

Source: cve@mitre.org

http://www.novell.com/linux/security/advisories/2006-05-31.html

Source: cve@mitre.org

http://www.osvdb.org/25746

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2006-0493.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/17955

Source: cve@mitre.org

http://www.trustix.org/errata/2006/0026

Source: cve@mitre.org

http://www.ubuntu.com/usn/usn-302-1

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/2554

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/26432

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9531

Source: cve@mitre.org

http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=672e7cca17ed6036a1756ed34cf20dbd72d5e5f6

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/20237

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/20398

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/20671

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/20716

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/20914

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/21045

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/21476

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/21745

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2006/dsa-1097

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2006/dsa-1103

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDKSA-2006:123

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDKSA-2006:150

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.novell.com/linux/security/advisories/2006-05-31.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/25746

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2006-0493.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/17955

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.trustix.org/errata/2006/0026

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/usn-302-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2006/2554

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/26432

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9531

Source: af854a3a-2127-422b-91ae-364da2661108

46 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

9.3%

93th percentile

Exploitation Status

Not in CISA KEV

Affected Vendors

lksctp