The sctp_send_initiate_ack function in sys/netinet/sctp_output.c in the SCTP implementation in the kernel in FreeBSD 8.3 through 9.2-PRERELEASE does not properly initialize the state-cookie data structure, which allows remote attackers to obtain sensitive information from kernel stack memory by reading packet data in INIT-ACK chunks.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2013-08-29T10:00:00
Updated: 2017-04-24T09:57:01
Reserved: 2013-08-15T00:00:00
Link: CVE-2013-5209
JSON object: View
NVD Information
Status : Modified
Published: 2013-08-29T12:07:56.070
Modified: 2019-03-18T15:35:23.750
Link: CVE-2013-5209
JSON object: View
Redhat Information
No data.
CWE