CVE-2021-3772 vulnerability in Canonical and Other Products
Published on March 2, 2022

A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP addresses and port numbers being used and can send packets with spoofed IP addresses.


Weakness Type

Improper Validation of Integrity Check Value

The software does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission. Improper validation of checksums before use results in an unnecessary risk that can easily be mitigated. The protocol specification describes the algorithm used for calculating the checksum. It is then a simple matter of implementing the calculation and verifying that the calculated checksum and the received checksum match. Improper verification of the calculated checksum and the received checksum can lead to far greater consequences.



Exploit Probability

EPSS: 0.16%
Percentile: 37.04%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.