CVE-2006-2934

SCTP conntrack (ip_conntrack_proto_sctp.c) in netfilter for Linux kernel 2.6.17 before 2.6.17.3 and 2.6.16 before 2.6.16.23 allows remote attackers to cause a denial of service (crash) via a packet without any chunks, which causes a variable to contain an invalid value that is later used to dereference a pointer.

Published: Jun 30, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-2934
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-399

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	2.6.16.16	2.6.16.16.x
linux / linux_kernel	2.6.17.2	2.6.17.2.x
linux / linux_kernel	2.6.16.18	2.6.16.18.x
linux / linux_kernel	2.6.16.13	2.6.16.13.x
linux / linux_kernel	2.6.16.15	2.6.16.15.x
linux / linux_kernel	2.6.16.1	2.6.16.1.x
linux / linux_kernel	2.6.17	2.6.17.x
linux / linux_kernel	2.6.16.11	2.6.16.11.x
linux / linux_kernel	2.6.16.14	2.6.16.14.x
linux / linux_kernel	2.6.16.21	2.6.16.21.x
linux / linux_kernel	2.6.17.1	2.6.17.1.x
linux / linux_kernel	2.6.16	2.6.16.x
linux / linux_kernel	2.6.16.22	2.6.16.22.x
linux / linux_kernel	2.6.16.10	2.6.16.10.x
linux / linux_kernel	2.6.16.17	2.6.16.17.x
linux / linux_kernel	2.6.16.12	2.6.16.12.x
linux / linux_kernel	2.6.16.2	2.6.16.2.x
linux / linux_kernel	2.6.16.19	2.6.16.19.x
linux / linux_kernel	2.6.16.20	2.6.16.20.x

Vulnerability Database

CVE-2006-2934

Deep Security Visibility Without the Complexity