CVE-2011-1573

NameCVE-2011-1573
Descriptionnet/sctp/sm_make_chunk.c in the Linux kernel before 2.6.34, when addip_enable and auth_enable are used, does not consider the amount of zero padding during calculation of chunk lengths for (1) INIT and (2) INIT ACK chunks, which allows remote attackers to cause a denial of service (OOPS) via crafted packet data.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linux-2.6sourcesqueeze2.6.32-34
linux-2.6source(unstable)2.6.34-1

Notes

http://xorl.wordpress.com/2011/05/08/cve-2011-1573-linux-kernel-sctp-initinit-ack-length-miscalculation/
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=a8170c35e738d62e9919ce5b109cf4ed66e9

Search for package or bug name: Reporting problems