Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.2
CVSSv2

CVE-2019-8956

Published: 01/04/2019 Updated: 24/02/2023
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 642
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Linux Kernel

Vulnerability Summary

In the Linux Kernel prior to 4.20.8 and 4.19.21 a use-after-free error in the "sctp_sendmsg()" function (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited to corrupt memory.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel

canonical ubuntu linux 18.04

canonical ubuntu linux 18.10

Vendor Advisories

Ubuntu Security Notice: linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-raspi2 vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: linux-hwe, linux-azure vulnerabilities
Several security issues were fixed in the Linux kernel ...

Github Repositories

https://github.com/exube/sctp_uaf

Test Exploit for CVE-2019-8956 Prerequisites: Applicable Kernel versions: 420x before 4208 419x before 41921 418x 417x Required packages (Ubuntu): libsctp1 libsctp-dev Other requirements: sudo modprobe sctp (for using /checklogssh) Read access to /var/log/syslog, via dmesg or similar Compiling and testing: Compile with /buildsh Run with /sctp_uaf &lt

https://github.com/now4yreal/linux-kernel-vulnerabilities

linux kernel vulnerabilities root cause analysis

linux-kernel-vulnerabilities-root-cause-analysis Why? Analyze causes of linux kernel vulnerabilitie, to pump out more bugs (HOPE) How? not detailed, be brief towards "root causes" think why these vulnerabilities exist and, more importantly, how to find vulnerability with the same pattern Record CVE-2019-8956 for_each macro nftables CVE-2022-1015

https://github.com/Michael23Yu/POC

CVEs that without a poc I work for that

POC POC for CVE-2019-8956 In the Linux Kernel before versions 4208 and 41921 a use-after-free error in the "sctp_sendmsg()" function (net/sctp/socketc) when handling SCTP_SENDALL flag can be exploited to corrupt memory Usage: python3 serverpy & python3 server1py gcc -o poc pocc -lsctp /poc

https://github.com/butterflyhack/CVE-2019-8956

sctp-PoC

CVE-2019-8956 sctp-PoC sctp lib must be installed gcc sctp-2019-8956-pocc -o sctp-2019-8956-poc -pthread -lsctp -static

References

CWE-787CWE-416https://secuniaresearch.flexerasoftware.com/secunia_research/2019-5/https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=ba59fb0273076637f0add4311faa990a5eec27c0https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.8https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.21https://usn.ubuntu.com/3930-2/https://usn.ubuntu.com/3930-1/https://support.f5.com/csp/article/K12671141https://nvd.nist.govhttps://usn.ubuntu.com/3930-1/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654CVE-2024-2757authentication bypassCVE-2024-3194CVE-2024-33640CVE-2024-21111dosinsecure direct object referenceCVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook