Public Date:
584645: CVE-2010-1173 kernel: sctp: crash due to malformed SCTPChunkInit packet

The MITRE CVE dictionary describes this issue as:

The sctp_process_unk_param function in net/sctp/sm_make_chunk.c in the Linux kernel and earlier, when SCTP is enabled, allows remote attackers to cause a denial of service (system crash) via an SCTPChunkInit packet containing multiple invalid parameters that require a large amount of error data.

Find out more about CVE-2010-1173 from the MITRE CVE dictionary dictionary and NIST NVD.


Red Hat is aware of this issue and is tracking it via the following bug:

This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3 as it did not include support for SCTP. Future kernel updates in Red Hat Enterprise Linux 4, 5 and Red Hat Enterprise MRG may address this flaw.

For more information, please see

CVSS v2 metrics

Base Score 7.1
Base Metrics AV:N/AC:M/Au:N/C:N/I:N/A:C
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Complete

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 5 (kernel) RHSA-2010:0504 2010-07-01
Red Hat Enterprise Linux 4 (kernel) RHSA-2010:0474 2010-06-15
MRG Grid for RHEL 5 Server (kernel-rt) RHSA-2010:0631 2010-08-17


Red Hat would like to thank Jukka Taimisto and Olli Jarva of Codenomicon Ltd, Nokia Siemens Networks, and Wind River on behalf of their customer, for reporting this issue.
Last Modified

CVE description copyright © 2017, The MITRE Corporation