CVE-2014-0101

high

Published 2014-03-11 · Modified 2026-05-06

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

7.8

Description

The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.

✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

OS impact

Linux kernel Affected 1 release

Version	Status	Fixed in
—	Affected	`3.2.56`

Red Hat Affected 4 releases

Version	Status	Fixed in
6.5	Affected	—
6.4	Affected	—
6.3	Affected	—
6.0	Affected	—

Ubuntu Affected 1 release

Version	Status	Fixed in
10.04	Affected	—

Debian Fixed 5 releases

Version	Status	Fixed in
trixie	Fixed	`3.13.6-1`
sid	Fixed	`3.13.6-1`
forky	Fixed	`3.13.6-1`
bullseye	Fixed	`3.13.6-1`
bookworm	Fixed	`3.13.6-1`

Application impact

Vendor	Product	Versions
f5	big-ip_access_policy_manager	`{"startIncluding":"11.1.0","endIncluding":"11.5.3"}`
f5	big-ip_advanced_firewall_manager	`{"startIncluding":"11.3.0","endIncluding":"11.5.3"}`
f5	big-ip_analytics	`{"startIncluding":"11.1.0","endIncluding":"11.5.3"}`
f5	big-ip_application_acceleration_manager	`{"startIncluding":"11.4.0","endIncluding":"11.5.3"}`
f5	big-ip_application_security_manager	`{"startIncluding":"11.1.0","endIncluding":"11.5.3"}`
f5	big-ip_edge_gateway	`{"startIncluding":"11.1.0","endIncluding":"11.3.0"}`
f5	big-ip_enterprise_manager	`{"startIncluding":"2.1.0","endIncluding":"2.3.0"}`
f5	big-ip_global_traffic_manager	`{"startIncluding":"11.1.0","endIncluding":"11.5.3"}`
f5	big-ip_link_controller	`{"startIncluding":"11.1.0","endIncluding":"11.5.3"}`
f5	big-ip_local_traffic_manager	`{"startIncluding":"11.1.0","endIncluding":"11.5.3"}`
f5	big-ip_policy_enforcement_manager	`{"startIncluding":"11.3.0","endIncluding":"11.5.3"}`
f5	big-ip_protocol_security_module	`{"startIncluding":"11.1.0","endIncluding":"11.4.1"}`
f5	big-ip_wan_optimization_manager	`{"startIncluding":"11.1.0","endIncluding":"11.3.0"}`
f5	big-ip_webaccelerator	`{"startIncluding":"11.1.0","endIncluding":"11.3.0"}`
f5	big-iq_adc	`4.5.0`
f5	big-iq_centralized_management	`4.6.0`
f5	big-iq_cloud	`{"startIncluding":"4.0.0","endIncluding":"4.5.0"}`
f5	big-iq_device	`{"startIncluding":"4.2.0","endIncluding":"4.5.0"}`
f5	big-iq_security	`{"startIncluding":"4.0.0","endIncluding":"4.5.0"}`

References

CWEs

CWE-476

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.