CVEs-PoC/2021/CVE-2021-3772.md

### [CVE-2021-3772](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3772)
![](https://img.shields.io/static/v1?label=Product&message=kernel&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=Fixed%20in%20linux%20kernel%20v5.15%20and%20above%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-354%20-%20Improper%20Validation%20of%20Integrity%20Check%20Value&color=brightgreen)

### Description

A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses.

### POC

#### Reference
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=32f8807a48ae55be0e76880cfe8607a18b5bb0df
- https://ubuntu.com/security/CVE-2021-3772
- https://www.oracle.com/security-alerts/cpujul2022.html

#### Github
No PoCs found on GitHub currently.