A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP addresses and port numbers being used and can send packets with spoofed IP addresses.
https://bugzilla.redhat.com/show_bug.cgi?id=2000694
https://github.com/torvalds/linux/commit/32f8807a48ae55be0e76880cfe8607a18b5bb0df
https://ubuntu.com/security/CVE-2021-3772
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
https://www.debian.org/security/2022/dsa-5096
Source: MITRE
Published: 2022-03-02
Updated: 2023-02-12
Type: CWE-354
CVSS v2 Base Score: 5.8
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P
Impact Score: 4.9
Exploitability Score: 8.6
Severity: MEDIUM
CVSS v3.1 Base Score: 6.5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
Impact Score: 4.2
Exploitability Score: 2.2
Severity: MEDIUM