{
  "threat_severity" : "Important",
  "public_date" : "2010-03-16T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: sctp remote denial of service",
    "id" : "555658",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=555658"
  },
  "cvss" : {
    "cvss_base_score" : "7.8",
    "cvss_scoring_vector" : "AV:N/AC:L/Au:N/C:N/I:N/A:C",
    "status" : "verified"
  },
  "cwe" : "CWE-130->CWE-119",
  "details" : [ "The sctp_rcv_ootb function in the SCTP implementation in the Linux kernel before 2.6.23 allows remote attackers to cause a denial of service (infinite loop) via (1) an Out Of The Blue (OOTB) chunk or (2) a chunk of zero length." ],
  "statement" : "This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3 as it did not include support for SCTP. It did not affect the version of Linux kernel as shipped with Red Hat Enterprise MRG as it has already had the fix to this issue.",
  "acknowledgement" : "Red Hat would like to thank Telesys Software for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 4",
    "release_date" : "2010-03-17T00:00:00Z",
    "advisory" : "RHSA-2010:0146",
    "cpe" : "cpe:/o:redhat:enterprise_linux:4",
    "package" : "kernel-0:2.6.9-89.0.23.EL"
  }, {
    "product_name" : "Red Hat Enterprise Linux 4.7 Z Stream",
    "release_date" : "2010-04-06T00:00:00Z",
    "advisory" : "RHSA-2010:0342",
    "cpe" : "cpe:/o:redhat:rhel_eus:4.7",
    "package" : "kernel-0:2.6.9-78.0.30.EL"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2010-03-17T00:00:00Z",
    "advisory" : "RHSA-2010:0147",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "kernel-0:2.6.18-164.15.1.el5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5.2 Z Stream",
    "release_date" : "2010-03-17T00:00:00Z",
    "advisory" : "RHSA-2010:0148",
    "cpe" : "cpe:/o:redhat:rhel_eus:5.2",
    "package" : "kernel-0:2.6.18-92.1.38.el5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5.3.Z - Server Only",
    "release_date" : "2010-03-17T00:00:00Z",
    "advisory" : "RHSA-2010:0149",
    "cpe" : "cpe:/o:redhat:rhel_eus:5.3",
    "package" : "kernel-0:2.6.18-128.14.1.el5"
  }, {
    "product_name" : "Red Hat Enterprise Virtualization for RHEL-5",
    "release_date" : "2010-03-24T00:00:00Z",
    "advisory" : "RHSA-2010:0172",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5::hypervisor",
    "package" : "rhev-hypervisor-0:5.4-2.1.10.el5_4rhev2_1"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2010-0008\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-0008" ],
  "name" : "CVE-2010-0008",
  "csaw" : false
}