published date: December 31, 2004

CVE-2004-2013 : Integer Overflow Vulnerability

Description

Integer overflow in the SCTP_SOCKOPT_DEBUG_NAME SCTP socket option in socket.c in the Linux kernel 2.4.25 and earlier allows local users to execute arbitrary code via an optlen value of -1, which causes kmalloc to allocate 0 bytes of memory.

Product(s):

Linux Linux Kernel
Linux Kernel
Linux Kernel on X64
Linux Kernel 1.2
Linux Kernel 1.3
Linux Kernel 2.0.0
Linux Kernel 2.0.10
Linux Kernel 2.0.11
Linux Kernel 2.0.12
Linux Kernel 2.0.13
Linux Kernel 2.0.14
Linux Kernel 2.0.15
Linux Kernel 2.0.16
Linux Kernel 2.0.17
Linux Kernel 2.0.18
Linux Kernel 2.0.19
Linux Kernel 2.0.1
Linux Kernel 2.0.20
Linux Kernel 2.0.21
Linux Kernel 2.0.22
Linux Kernel 2.0.23
Linux Kernel 2.0.24
Linux Kernel 2.0.25
Linux Kernel 2.0.26
Linux Kernel 2.0.27
Linux Kernel 2.0.28
Linux Kernel 2.0.29
Linux Kernel 2.0.2
Linux Kernel 2.0.30
Linux Kernel 2.0.31
Linux Kernel 2.0.32
Linux Kernel 2.0.33
Linux Kernel 2.0.34
Linux Kernel 2.0.35
Linux Kernel 2.0.36
Linux Kernel 2.0.37
Linux Kernel 2.0.38
Linux Kernel 2.0.39
Linux Kernel 2.0.3
Linux Kernel 2.0.4
Linux Kernel 2.0.5
Linux Kernel 2.0.6
Linux Kernel 2.0.7
Linux Kernel 2.0.8
Linux Kernel 2.0.9.9
Linux Kernel 2.0.9
Linux Kernel 2.0
Linux Kernel 2.1.0
Linux Kernel 2.1.100
Linux Kernel 2.1.101
Linux Kernel 2.1.102
Linux Kernel 2.1.103
Linux Kernel 2.1.104
Linux Kernel 2.1.105
Linux Kernel 2.1.106
Linux Kernel 2.1.107
Linux Kernel 2.1.108
Linux Kernel 2.1.109
Linux Kernel 2.1.10
Linux Kernel 2.1.110
Linux Kernel 2.1.111
Linux Kernel 2.1.112
Linux Kernel 2.1.113
Linux Kernel 2.1.114
Linux Kernel 2.1.115
Linux Kernel 2.1.116
Linux Kernel 2.1.117
Linux Kernel 2.1.118
Linux Kernel 2.1.119
Linux Kernel 2.1.11
Linux Kernel 2.1.120
Linux Kernel 2.1.121
Linux Kernel 2.1.122
Linux Kernel 2.1.123
Linux Kernel 2.1.124
Linux Kernel 2.1.125
Linux Kernel 2.1.126
Linux Kernel 2.1.127
Linux Kernel 2.1.128
Linux Kernel 2.1.129
Linux Kernel 2.1.12
Linux Kernel 2.1.130
Linux Kernel 2.1.131
Linux Kernel 2.1.132
Linux Kernel 2.1.13
Linux Kernel 2.1.14
Linux Kernel 2.1.15
Linux Kernel 2.1.16
Linux Kernel 2.1.17
Linux Kernel 2.1.18
Linux Kernel 2.1.19
Linux Kernel 2.1.1
Linux Kernel 2.1.20
Linux Kernel 2.1.21
Linux Kernel 2.1.22
Linux Kernel 2.1.23
Linux Kernel 2.1.24
Linux Kernel 2.1.25
Linux Kernel 2.1.26
Linux Kernel 2.1.27
+276 additional

CVSS:7.8 [Critical]
EPSS:0.09%
Exploitability:1.8
In KEV:No

Question to Ask Vendors:

Can you confirm whether your systems are affected by CVE-2004-2013, and if so, what steps are you currently taking to mitigate this vulnerability?
What is your estimated timeline for fully resolving CVE-2004-2013 in your products or services, and how will you communicate updates on this issue to us as your customer?

CVE-2004-2013 : Integer Overflow Vulnerability

Description

Product(s):

Question to Ask Vendors:

Recommended Actions:

References:

READY TO GET RESULTS YOU CAN TRUST?