Versions Affected : All verisons prior to FreeNAS 11.3-U5


Description

The Stream Control Transmission Protocol (SCTP) is a message oriented transport protocol supporting arbitrary large user messages. It can be accessed from applications by using the the socket API.

Due to improper handling in the kernel, a use-after-free bug can be triggered by sending large user messages from multiple threads on the same socket.


Workaround

No workaround is available.


Mitigation

  • Upgrade to FreeNAS 11.3-U5 or later.

Commit


Further information