CVE-2010-1173

high

Published 2010-05-07 · Modified 2026-04-29

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

8.1

Description

The sctp_process_unk_param function in net/sctp/sm_make_chunk.c in the Linux kernel 2.6.33.3 and earlier, when SCTP is enabled, allows remote attackers to cause a denial of service (system crash) via an SCTPChunkInit packet containing multiple invalid parameters that require a large amount of error data.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.

✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-14594 dos linux verified

Jon Oberheide · 2010-08-09

Linux Kernel 2.6.33.3 - SCTP INIT Remote Denial of Service

Source code queued for fetch — refresh in a moment.

OS impact

Linux kernel Affected 200 releases

Version	Status	Fixed in
2.6.25.12	Affected	—
2.6.25.11	Affected	—
2.6.25.10	Affected	—
2.6.25.9	Affected	—
2.6.25.8	Affected	—
2.6.25.7	Affected	—
2.6.25.6	Affected	—
2.6.25.5	Affected	—
2.6.25.4	Affected	—
2.6.25.3	Affected	—
2.6.25.2	Affected	—
2.6.25.1	Affected	—
2.6.25	Affected	—
2.6.24.7	Affected	—
2.6.24.6	Affected	—
2.6.22.4	Affected	—
2.6.22.3	Affected	—
2.6.22.2	Affected	—
2.6.22.1	Affected	—
2.6.22	Affected	—
2.6.21.7	Affected	—
2.6.21.6	Affected	—
2.6.21.5	Affected	—
2.6.21.4	Affected	—
2.6.21.3	Affected	—
2.6.21.2	Affected	—
2.6.21.1	Affected	—
2.6.21	Affected	—
2.6.20.21	Affected	—
2.6.20.20	Affected	—
2.6.20.19	Affected	—
2.6.20.18	Affected	—
2.6.20.17	Affected	—
2.6.20.16	Affected	—
2.6.20.15	Affected	—
2.6.20.14	Affected	—
2.6.20.13	Affected	—
2.6.20.12	Affected	—
2.6.20.11	Affected	—
2.6.20.10	Affected	—
2.6.20.9	Affected	—
2.6.20.8	Affected	—
2.6.20.7	Affected	—
2.6.20.6	Affected	—
2.6.20.5	Affected	—
2.6.20.4	Affected	—
2.6.20.3	Affected	—
2.6.20.2	Affected	—
2.6.20.1	Affected	—
2.6.20	Affected	—
2.6.19.7	Affected	—
2.6.19.6	Affected	—
2.6.19.5	Affected	—
2.6.19.4	Affected	—
2.6.19.3	Affected	—
2.6.19.2	Affected	—
2.6.19.1	Affected	—
2.6.19	Affected	—
2.6.18.8	Affected	—
2.6.18.7	Affected	—
2.6.18.6	Affected	—
2.6.18.5	Affected	—
2.6.18.4	Affected	—
2.6.18.3	Affected	—
2.6.18.2	Affected	—
2.6.18.1	Affected	—
2.6.18	Affected	—
2.6.17.14	Affected	—
2.6.17.13	Affected	—
2.6.17.12	Affected	—
2.6.17.11	Affected	—
2.6.17.10	Affected	—
2.6.17.9	Affected	—
2.6.17.8	Affected	—
2.6.17.7	Affected	—
2.6.17.6	Affected	—
2.6.17.5	Affected	—
2.6.17.4	Affected	—
2.6.17.3	Affected	—
2.6.17.2	Affected	—
2.6.17.1	Affected	—
2.6.17	Affected	—
2.6.16.62	Affected	—
2.6.16.61	Affected	—
2.6.16.60	Affected	—
2.6.16.59	Affected	—
2.6.16.58	Affected	—
2.6.16.57	Affected	—
2.6.16.56	Affected	—
2.6.16.55	Affected	—
2.6.16.54	Affected	—
2.6.16.53	Affected	—
2.6.16.52	Affected	—
2.6.16.51	Affected	—
2.6.16.50	Affected	—
2.6.16.49	Affected	—
2.6.16.48	Affected	—
2.6.16.47	Affected	—
2.6.16.46	Affected	—
2.6.16.45	Affected	—
2.6.16.44	Affected	—
2.6.16.43	Affected	—
2.6.16.42	Affected	—
2.6.16.41	Affected	—
2.6.16.40	Affected	—
2.6.16.39	Affected	—
2.6.16.38	Affected	—
2.6.16.37	Affected	—
2.6.16.36	Affected	—
2.6.16.35	Affected	—
2.6.16.34	Affected	—
2.6.16.33	Affected	—
2.6.16.32	Affected	—
2.6.16.31	Affected	—
2.6.16.30	Affected	—
2.6.16.29	Affected	—
2.6.16.28	Affected	—
2.6.16.27	Affected	—
2.6.16.26	Affected	—
2.6.16.25	Affected	—
2.6.16.24	Affected	—
2.6.16.23	Affected	—
2.6.16.22	Affected	—
2.6.16.21	Affected	—
2.6.16.20	Affected	—
2.6.16.19	Affected	—
2.6.16.18	Affected	—
2.6.16.17	Affected	—
2.6.16.16	Affected	—
2.6.16.15	Affected	—
2.6.16.14	Affected	—
2.6.16.13	Affected	—
2.6.16.12	Affected	—
2.6.16.11	Affected	—
2.6.16.10	Affected	—
2.6.16.9	Affected	—
2.6.16.8	Affected	—
2.6.16.7	Affected	—
2.6.16.6	Affected	—
2.6.16.5	Affected	—
2.6.16.4	Affected	—
2.6.16.3	Affected	—
2.6.16.2	Affected	—
2.6.16.1	Affected	—
2.6.16	Affected	—
2.6.15.7	Affected	—
2.6.15.6	Affected	—
2.6.15.5	Affected	—
2.6.15.4	Affected	—
2.6.15.3	Affected	—
2.6.15.2	Affected	—
2.6.15.1	Affected	—
2.6.15	Affected	—
2.6.14.7	Affected	—
2.6.14.6	Affected	—
2.6.14.5	Affected	—
2.6.14.4	Affected	—
2.6.14.3	Affected	—
2.6.14.2	Affected	—
2.6.14.1	Affected	—
2.6.14	Affected	—
2.6.13.5	Affected	—
2.6.13.4	Affected	—
2.6.13.3	Affected	—
2.6.13.2	Affected	—
2.6.13.1	Affected	—
2.6.13	Affected	—
2.6.12.6	Affected	—
2.6.12.5	Affected	—
2.6.12.4	Affected	—
2.6.12.3	Affected	—
2.6.12.2	Affected	—
2.6.12.1	Affected	—
2.6.12	Affected	—
2.6.11.12	Affected	—
2.6.11.11	Affected	—
2.6.11.10	Affected	—
2.6.11.9	Affected	—
2.6.11.8	Affected	—
2.6.11.7	Affected	—
2.6.11.6	Affected	—
2.6.11.5	Affected	—
2.6.11.4	Affected	—
2.6.11.3	Affected	—
2.6.11.2	Affected	—
2.6.11.1	Affected	—
2.6.11	Affected	—
2.6.10	Affected	—
2.6.9	Affected	—
2.6.8.1	Affected	—
2.6.8	Affected	—
2.6.7	Affected	—
2.6.6	Affected	—
2.6.5	Affected	—
2.6.4	Affected	—
2.6.3	Affected	—
2.6.2	Affected	—
2.6.1	Affected	—
2.6.0	Affected	—
—	Affected	—

References

CWEs

CWE-20

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.