CVE-2006-2274 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2006-2274 Interim 1 4 2023-12-09T02:18:45Z current 2021-05-30T12:35:37Z 2023-12-09T02:18:45Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2006-2274 Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (infinite recursion and crash) via a packet that contains two or more DATA fragments, which causes an skb pointer to refer back to itself when the full message is reassembled, leading to infinite recursion in the sctp_skb_pull function. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NHYECM4VBKXEW3VB3CVU4VPMJPBVV6X6/#NHYECM4VBKXEW3VB3CVU4VPMJPBVV6X6 E-Mail link for SUSE-SA:2006:028 https://www.suse.com/support/security/rating/ SUSE Security Ratings Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (infinite recursion and crash) via a packet that contains two or more DATA fragments, which causes an skb pointer to refer back to itself when the full message is reassembled, leading to infinite recursion in the sctp_skb_pull function. CVE-2006-2274 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P