{"id":"CVE-2021-3772","details":"A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses.","modified":"2026-05-12T04:05:45.564124Z","published":"2022-03-02T23:15:09.127Z","related":["ALSA-2022:1988","SUSE-SU-2021:14849-1","SUSE-SU-2021:3640-1","SUSE-SU-2021:3641-1","SUSE-SU-2021:3642-1","SUSE-SU-2021:3658-1","SUSE-SU-2021:3675-1","SUSE-SU-2021:3723-1","SUSE-SU-2021:3754-1","SUSE-SU-2021:3848-1","SUSE-SU-2021:3876-1","SUSE-SU-2021:3929-1","SUSE-SU-2021:3935-1","SUSE-SU-2021:3969-1","SUSE-SU-2021:3972-1","openSUSE-SU-2021:1477-1","openSUSE-SU-2021:3641-1","openSUSE-SU-2021:3675-1","openSUSE-SU-2021:3876-1"],"database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","extracted_events":[{"last_affected":"11.0.0"}],"cpe":"cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0.0:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"11.0"}],"cpe":"cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"11.20"}],"cpe":"cpe:2.3:a:netapp:e-series_santricity_os_controller:11.20:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"11.25"}],"cpe":"cpe:2.3:a:netapp:e-series_santricity_os_controller:11.25:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"11.30.5r3"}],"cpe":"cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30.5r3:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"11.30"}],"cpe":"cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"11.40.3r2"}],"cpe":"cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.3r2:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"11.40.5"}],"cpe":"cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.5:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"11.40"}],"cpe":"cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"11.50.1"}],"cpe":"cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.1:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"11.50.2-NA"}],"cpe":"cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:-:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"11.50.2-p1"}],"cpe":"cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:p1:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"11.60.0"}],"cpe":"cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.0:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"11.60.1"}],"cpe":"cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.1:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"11.60.3"}],"cpe":"cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.3:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"11.60"}],"cpe":"cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"11.70.1"}],"cpe":"cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.1:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"11.70.2"}],"cpe":"cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.2:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"22.1.3"}],"cpe":"cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"22.1.1"}],"cpe":"cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"22.2.0"}],"cpe":"cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"10.0"}],"cpe":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"9.0"}],"cpe":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"fixed":"5.15.0"}],"cpe":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"8.0"}],"cpe":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*"}]},"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20221007-0001/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2022/dsa-5096"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2000694"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=32f8807a48ae55be0e76880cfe8607a18b5bb0df"},{"type":"FIX","url":"https://github.com/torvalds/linux/commit/32f8807a48ae55be0e76880cfe8607a18b5bb0df"},{"type":"FIX","url":"https://ubuntu.com/security/CVE-2021-3772"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpujul2022.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git","events":[{"introduced":"0"},{"fixed":"32f8807a48ae55be0e76880cfe8607a18b5bb0df"}],"database_specific":{"source":"REFERENCES"}}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-3772.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/torvalds/linux","events":[{"introduced":"0"},{"fixed":"32f8807a48ae55be0e76880cfe8607a18b5bb0df"}],"database_specific":{"source":"REFERENCES"}}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-3772.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"}]}