Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (deadlock) via a large number of small messages to a receiver application that cannot process the messages quickly enough, which leads to "spillover of the receive buffer."
Threat-Mapped Scoring
Score: 1.5
Priority: P4 - Informational (Low)
EPSS
Score: 0.03168Percentile:
0.86392
CVSS Scoring
CVSS v3.1 Score: 7.5
Severity: HIGH
Mapped CWE(s)
CWE-667
: Improper Locking
All CAPEC(s)
CAPEC-25 : Forced Deadlock
CAPEC-26 : Leveraging Race Conditions
CAPEC-27 : Leveraging Race Conditions via Symbolic Links
CAPEC(s) with Mapped TTPs
CAPEC-25 : Forced Deadlock
Mapped TTPs:
T1499.004
: Application or System Exploitation
Mapped ATT&CK TTPs
T1499.004
: Application or System Exploitation
Kill Chain: impact
Malware
APTs Threat Group Associations
Campaigns
Affected Products
cpe:2.3:a:lksctp:stream_control_transmission_protocol:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:5.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
← Back to Home
BrownCoat Threat Intelligence Platform | 2025 Steve Gray — You Can’t Take the Sky from Me