Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2021-AVI-669
Vulnerability from certfr_avis - Published: 2021-09-01 - Updated: 2021-09-01
De multiples vulnérabilités ont été découvertes dans les produits Moxa. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Moxa | N/A | micrologiciel des équipements de la gamme WAC-2004 : ces équipements ne sont plus maintenus et ne bénéficieront pas de correctif | ||
| Moxa | N/A | micrologiciel des équipements de la gamme OnCell G3470A sans le dernier correctif | ||
| Moxa | N/A | micrologiciel des équipements de la gamme WDR-3124A : ces équipements ne sont plus maintenus et ne bénéficieront pas de correctif | ||
| Moxa | N/A | micrologiciel des équipements de la gamme WAC-1001 sans le dernier correctif | ||
| Moxa | N/A | micrologiciel des équipements de la gamme TAP-323 sans le dernier correctif |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "micrologiciel des \u00e9quipements de la gamme WAC-2004 : ces \u00e9quipements ne sont plus maintenus et ne b\u00e9n\u00e9ficieront pas de correctif",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "micrologiciel des \u00e9quipements de la gamme OnCell G3470A sans le dernier correctif",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "micrologiciel des \u00e9quipements de la gamme WDR-3124A : ces \u00e9quipements ne sont plus maintenus et ne b\u00e9n\u00e9ficieront pas de correctif",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "micrologiciel des \u00e9quipements de la gamme WAC-1001 sans le dernier correctif",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "micrologiciel des \u00e9quipements de la gamme TAP-323 sans le dernier correctif",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2010-0742",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0742"
},
{
"name": "CVE-2012-2136",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2136"
},
{
"name": "CVE-2012-0207",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0207"
},
{
"name": "CVE-2018-6485",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6485"
},
{
"name": "CVE-2017-7618",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7618"
},
{
"name": "CVE-2010-4252",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4252"
},
{
"name": "CVE-2010-4805",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4805"
},
{
"name": "CVE-2015-0292",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0292"
},
{
"name": "CVE-2017-11176",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11176"
},
{
"name": "CVE-2016-4997",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4997"
},
{
"name": "CVE-2012-2110",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2110"
},
{
"name": "CVE-2006-2940",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-2940"
},
{
"name": "CVE-2021-39279",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39279"
},
{
"name": "CVE-2021-39278",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39278"
},
{
"name": "CVE-2012-6638",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6638"
},
{
"name": "CVE-2014-2523",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2523"
},
{
"name": "CVE-2016-10229",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10229"
},
{
"name": "CVE-2016-7039",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7039"
},
{
"name": "CVE-2014-3567",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3567"
},
{
"name": "CVE-2011-0709",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0709"
},
{
"name": "CVE-2010-4251",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4251"
},
{
"name": "CVE-2014-3512",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3512"
},
{
"name": "CVE-2012-3552",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3552"
},
{
"name": "CVE-2012-6701",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6701"
},
{
"name": "CVE-2017-1000111",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000111"
},
{
"name": "CVE-2019-3896",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3896"
},
{
"name": "CVE-2012-6704",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6704"
},
{
"name": "CVE-2009-3245",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3245"
},
{
"name": "CVE-2016-8717",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8717"
},
{
"name": "CVE-2019-16746",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16746"
},
{
"name": "CVE-2016-3134",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3134"
},
{
"name": "CVE-2008-4609",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4609"
},
{
"name": "CVE-2014-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8176"
},
{
"name": "CVE-2015-5364",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5364"
},
{
"name": "CVE-2014-9984",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9984"
},
{
"name": "CVE-2009-1298",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1298"
},
{
"name": "CVE-2015-1465",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1465"
},
{
"name": "CVE-2012-4412",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4412"
},
{
"name": "CVE-2014-9402",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9402"
},
{
"name": "CVE-2006-3738",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3738"
},
{
"name": "CVE-2016-8666",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8666"
},
{
"name": "CVE-2010-3864",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3864"
},
{
"name": "CVE-2015-0235",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0235"
},
{
"name": "CVE-2016-7117",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7117"
},
{
"name": "CVE-2011-2525",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2525"
},
{
"name": "CVE-2006-2937",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-2937"
},
{
"name": "CVE-2015-7547",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7547"
},
{
"name": "CVE-2014-5119",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-5119"
},
{
"name": "CVE-2017-8890",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8890"
},
{
"name": "CVE-2016-7406",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7406"
},
{
"name": "CVE-2013-7470",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-7470"
},
{
"name": "CVE-2016-2109",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2109"
},
{
"name": "CVE-2012-0056",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0056"
},
{
"name": "CVE-2016-2108",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2108"
},
{
"name": "CVE-2010-2692",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2692"
},
{
"name": "CVE-2016-2148",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2148"
},
{
"name": "CVE-2010-3848",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3848"
},
{
"name": "CVE-2010-1162",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1162"
}
],
"initial_release_date": "2021-09-01T00:00:00",
"last_revision_date": "2021-09-01T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-669",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-09-01T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Moxa.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Moxa",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moxa tap-323-wac-1001-2004-wireless-ap-bridge-client-vulnerabilities du 1 septembre 2021",
"url": "https://www.moxa.com/en/support/product-support/security-advisory/tap-323-wac-1001-2004-wireless-ap-bridge-client-vulnerabilities"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moxa oncell-g3470a-wdr-3124a-cellular-gateways-router-vulnerabilities du 1 septembre 2021",
"url": "https://www.moxa.com/en/support/product-support/security-advisory/oncell-g3470a-wdr-3124a-cellular-gateways-router-vulnerabilities"
}
]
}
CVE-2012-3552 (GCVE-0-2012-3552)
Vulnerability from cvelistv5 – Published: 2012-10-03 10:00 – Updated: 2024-08-06 20:13
VLAI
EPSS
Summary
Race condition in the IP implementation in the Linux kernel before 3.0 might allow remote attackers to cause a denial of service (slab corruption and system crash) by sending packets to an application that sets socket options during the handling of network traffic.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://rhn.redhat.com/errata/RHSA-2012-1540.html | vendor-advisoryx_refsource_REDHAT |
| https://github.com/torvalds/linux/commit/f6d8bd05… | x_refsource_CONFIRM |
| http://ftp.osuosl.org/pub/linux/kernel/v3.0/Chang… | x_refsource_CONFIRM |
| http://git.kernel.org/?p=linux/kernel/git/torvald… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2012/0… | mailing-listx_refsource_MLIST |
| https://bugzilla.redhat.com/show_bug.cgi?id=853465 | x_refsource_CONFIRM |
Date Public
2011-07-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:13:50.768Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2012:1540",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1540.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/f6d8bd051c391c1c0458a30b2a7abcd939329259"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.osuosl.org/pub/linux/kernel/v3.0/ChangeLog-3.0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f6d8bd051c391c1c0458a30b2a7abcd939329259"
},
{
"name": "[oss-security] 20120831 Re: CVE Request -- kernel: net: slab corruption due to improper synchronization around inet-\u003eopt",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/31/11"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=853465"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-07-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Race condition in the IP implementation in the Linux kernel before 3.0 might allow remote attackers to cause a denial of service (slab corruption and system crash) by sending packets to an application that sets socket options during the handling of network traffic."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-01-24T10:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2012:1540",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1540.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/f6d8bd051c391c1c0458a30b2a7abcd939329259"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.osuosl.org/pub/linux/kernel/v3.0/ChangeLog-3.0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f6d8bd051c391c1c0458a30b2a7abcd939329259"
},
{
"name": "[oss-security] 20120831 Re: CVE Request -- kernel: net: slab corruption due to improper synchronization around inet-\u003eopt",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/31/11"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=853465"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3552",
"datePublished": "2012-10-03T10:00:00.000Z",
"dateReserved": "2012-06-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:13:50.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4412 (GCVE-0-2012-4412)
Vulnerability from cvelistv5 – Published: 2013-10-09 22:00 – Updated: 2024-08-06 20:35
VLAI
EPSS
Summary
Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/55113 | third-party-advisoryx_refsource_SECUNIA |
| https://bugzilla.redhat.com/show_bug.cgi?id=855385 | x_refsource_CONFIRM |
| http://www.ubuntu.com/usn/USN-1991-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://sourceware.org/bugzilla/show_bug.cgi?id=14547 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2012/09/07/9 | mailing-listx_refsource_MLIST |
| https://security.gentoo.org/glsa/201503-04 | vendor-advisoryx_refsource_GENTOO |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://seclists.org/fulldisclosure/2019/Jun/18 | mailing-listx_refsource_FULLDISC |
| https://seclists.org/bugtraq/2019/Jun/14 | mailing-listx_refsource_BUGTRAQ |
| http://packetstormsecurity.com/files/153278/WAGO-… | x_refsource_MISC |
Date Public
2013-09-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:35:09.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "55113",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55113"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=855385"
},
{
"name": "USN-1991-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1991-1"
},
{
"name": "MDVSA-2013:284",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:284"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceware.org/bugzilla/show_bug.cgi?id=14547"
},
{
"name": "[oss-security] 20130907 CVE Request -- glibc: strcoll() integer overflow leading to buffer overflow + another alloca() stack overflow issue (upstream #14547 \u0026\u0026 #14552)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/07/9"
},
{
"name": "GLSA-201503-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201503-04"
},
{
"name": "MDVSA-2013:283",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283"
},
{
"name": "20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Jun/18"
},
{
"name": "20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jun/14"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-13T20:06:04.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "55113",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55113"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=855385"
},
{
"name": "USN-1991-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1991-1"
},
{
"name": "MDVSA-2013:284",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:284"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceware.org/bugzilla/show_bug.cgi?id=14547"
},
{
"name": "[oss-security] 20130907 CVE Request -- glibc: strcoll() integer overflow leading to buffer overflow + another alloca() stack overflow issue (upstream #14547 \u0026\u0026 #14552)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/07/9"
},
{
"name": "GLSA-201503-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201503-04"
},
{
"name": "MDVSA-2013:283",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283"
},
{
"name": "20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Jun/18"
},
{
"name": "20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jun/14"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-4412",
"datePublished": "2013-10-09T22:00:00.000Z",
"dateReserved": "2012-08-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:35:09.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6638 (GCVE-0-2012-6638)
Vulnerability from cvelistv5 – Published: 2014-02-15 11:00 – Updated: 2024-09-16 16:14
VLAI
EPSS
Summary
The tcp_rcv_state_process function in net/ipv4/tcp_input.c in the Linux kernel before 3.2.24 allows remote attackers to cause a denial of service (kernel resource consumption) via a flood of SYN+FIN TCP packets, a different vulnerability than CVE-2012-2663.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.kernel.org/pub/linux/kernel/v3.x/Chang… | x_refsource_CONFIRM |
| http://git.kernel.org/?p=linux/kernel/git/torvald… | x_refsource_CONFIRM |
| https://github.com/torvalds/linux/commit/fdf5af0d… | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=826702 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:36:01.860Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.24"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fdf5af0daf8019cec2396cdef8fb042d80fe71fa"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/fdf5af0daf8019cec2396cdef8fb042d80fe71fa"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=826702"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The tcp_rcv_state_process function in net/ipv4/tcp_input.c in the Linux kernel before 3.2.24 allows remote attackers to cause a denial of service (kernel resource consumption) via a flood of SYN+FIN TCP packets, a different vulnerability than CVE-2012-2663."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-02-15T11:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.24"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fdf5af0daf8019cec2396cdef8fb042d80fe71fa"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/fdf5af0daf8019cec2396cdef8fb042d80fe71fa"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=826702"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6638",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The tcp_rcv_state_process function in net/ipv4/tcp_input.c in the Linux kernel before 3.2.24 allows remote attackers to cause a denial of service (kernel resource consumption) via a flood of SYN+FIN TCP packets, a different vulnerability than CVE-2012-2663."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.24",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.24"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fdf5af0daf8019cec2396cdef8fb042d80fe71fa",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fdf5af0daf8019cec2396cdef8fb042d80fe71fa"
},
{
"name": "https://github.com/torvalds/linux/commit/fdf5af0daf8019cec2396cdef8fb042d80fe71fa",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/fdf5af0daf8019cec2396cdef8fb042d80fe71fa"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=826702",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=826702"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6638",
"datePublished": "2014-02-15T11:00:00.000Z",
"dateReserved": "2014-02-15T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:14:01.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6701 (GCVE-0-2012-6701)
Vulnerability from cvelistv5 – Published: 2016-05-02 10:00 – Updated: 2024-08-06 21:36
VLAI
EPSS
Summary
Integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://github.com/torvalds/linux/commit/a70b52ec… | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=1314288 | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2018:1854 | vendor-advisoryx_refsource_REDHAT |
| http://git.kernel.org/cgit/linux/kernel/git/torva… | x_refsource_CONFIRM |
| http://www.kernel.org/pub/linux/kernel/v3.x/Chang… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2016/03/02/9 | mailing-listx_refsource_MLIST |
Date Public
2012-06-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:36:01.976Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/a70b52ec1aaeaf60f4739edb1b422827cb6f3893"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1314288"
},
{
"name": "RHSA-2018:1854",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1854"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a70b52ec1aaeaf60f4739edb1b422827cb6f3893"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.1"
},
{
"name": "[oss-security] 20160302 Re: CVE Request: Linux: aio write triggers integer overflow in some network protocols",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/03/02/9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-06-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-19T09:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/a70b52ec1aaeaf60f4739edb1b422827cb6f3893"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1314288"
},
{
"name": "RHSA-2018:1854",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1854"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a70b52ec1aaeaf60f4739edb1b422827cb6f3893"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.1"
},
{
"name": "[oss-security] 20160302 Re: CVE Request: Linux: aio write triggers integer overflow in some network protocols",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/03/02/9"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2012-6701",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/torvalds/linux/commit/a70b52ec1aaeaf60f4739edb1b422827cb6f3893",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/a70b52ec1aaeaf60f4739edb1b422827cb6f3893"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1314288",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1314288"
},
{
"name": "RHSA-2018:1854",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1854"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a70b52ec1aaeaf60f4739edb1b422827cb6f3893",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a70b52ec1aaeaf60f4739edb1b422827cb6f3893"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.1",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.1"
},
{
"name": "[oss-security] 20160302 Re: CVE Request: Linux: aio write triggers integer overflow in some network protocols",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/03/02/9"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2012-6701",
"datePublished": "2016-05-02T10:00:00.000Z",
"dateReserved": "2016-03-02T00:00:00.000Z",
"dateUpdated": "2024-08-06T21:36:01.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6704 (GCVE-0-2012-6704)
Vulnerability from cvelistv5 – Published: 2016-12-28 07:42 – Updated: 2024-08-06 21:36
VLAI
EPSS
Summary
The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/95135 | vdb-entryx_refsource_BID |
| https://bugzilla.redhat.com/show_bug.cgi?id=1402024 | x_refsource_CONFIRM |
| http://git.kernel.org/cgit/linux/kernel/git/torva… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2016/12/03/1 | mailing-listx_refsource_MLIST |
| https://github.com/torvalds/linux/commit/82981930… | x_refsource_CONFIRM |
Date Public
2012-04-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:36:02.175Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95135",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95135"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402024"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=82981930125abfd39d7c8378a9cfdf5e1be2002b"
},
{
"name": "[oss-security] 20161202 Re: CVE Request: Linux: signed overflows for SO_{SND|RCV}BUFFORCE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/03/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/82981930125abfd39d7c8378a9cfdf5e1be2002b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-29T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "95135",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95135"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402024"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=82981930125abfd39d7c8378a9cfdf5e1be2002b"
},
{
"name": "[oss-security] 20161202 Re: CVE Request: Linux: signed overflows for SO_{SND|RCV}BUFFORCE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/03/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/82981930125abfd39d7c8378a9cfdf5e1be2002b"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6704",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95135",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95135"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1402024",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402024"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=82981930125abfd39d7c8378a9cfdf5e1be2002b",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=82981930125abfd39d7c8378a9cfdf5e1be2002b"
},
{
"name": "[oss-security] 20161202 Re: CVE Request: Linux: signed overflows for SO_{SND|RCV}BUFFORCE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/03/1"
},
{
"name": "https://github.com/torvalds/linux/commit/82981930125abfd39d7c8378a9cfdf5e1be2002b",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/82981930125abfd39d7c8378a9cfdf5e1be2002b"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6704",
"datePublished": "2016-12-28T07:42:00.000Z",
"dateReserved": "2016-12-02T00:00:00.000Z",
"dateUpdated": "2024-08-06T21:36:02.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-7470 (GCVE-0-2013-7470)
Vulnerability from cvelistv5 – Published: 2019-04-23 02:22 – Updated: 2024-08-06 18:09
VLAI
EPSS
Summary
cipso_v4_validate in include/net/cipso_ipv4.h in the Linux kernel before 3.11.7, when CONFIG_NETLABEL is disabled, allows attackers to cause a denial of service (infinite loop and crash), as demonstrated by icmpsic, a different vulnerability than CVE-2013-0310.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/torvalds/linux/commit/f2e5ddcc… | x_refsource_MISC |
| https://git.kernel.org/cgit/linux/kernel/git/torv… | x_refsource_MISC |
| https://cdn.kernel.org/pub/linux/kernel/v3.x/Chan… | x_refsource_MISC |
| https://support.f5.com/csp/article/K21914362 | x_refsource_CONFIRM |
| https://www.arista.com/en/support/advisories-noti… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:09:16.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/f2e5ddcc0d12f9c4c7b254358ad245c9dddce13b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f2e5ddcc0d12f9c4c7b254358ad245c9dddce13b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.11.7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K21914362"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/7098-security-advisory-40"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "cipso_v4_validate in include/net/cipso_ipv4.h in the Linux kernel before 3.11.7, when CONFIG_NETLABEL is disabled, allows attackers to cause a denial of service (infinite loop and crash), as demonstrated by icmpsic, a different vulnerability than CVE-2013-0310."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-08T11:19:06.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/f2e5ddcc0d12f9c4c7b254358ad245c9dddce13b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f2e5ddcc0d12f9c4c7b254358ad245c9dddce13b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.11.7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K21914362"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/7098-security-advisory-40"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7470",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cipso_v4_validate in include/net/cipso_ipv4.h in the Linux kernel before 3.11.7, when CONFIG_NETLABEL is disabled, allows attackers to cause a denial of service (infinite loop and crash), as demonstrated by icmpsic, a different vulnerability than CVE-2013-0310."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/torvalds/linux/commit/f2e5ddcc0d12f9c4c7b254358ad245c9dddce13b",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/f2e5ddcc0d12f9c4c7b254358ad245c9dddce13b"
},
{
"name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f2e5ddcc0d12f9c4c7b254358ad245c9dddce13b",
"refsource": "MISC",
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f2e5ddcc0d12f9c4c7b254358ad245c9dddce13b"
},
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.11.7",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.11.7"
},
{
"name": "https://support.f5.com/csp/article/K21914362",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K21914362"
},
{
"name": "https://www.arista.com/en/support/advisories-notices/security-advisories/7098-security-advisory-40",
"refsource": "MISC",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/7098-security-advisory-40"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7470",
"datePublished": "2019-04-23T02:22:33.000Z",
"dateReserved": "2019-04-22T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:09:16.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2523 (GCVE-0-2014-2523)
Vulnerability from cvelistv5 – Published: 2014-03-24 10:00 – Updated: 2024-08-06 10:14
VLAI
EPSS
Summary
net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://twitter.com/grsecurity/statuses/4454961973… | x_refsource_MISC |
| http://www.ubuntu.com/usn/USN-2173-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.securityfocus.com/bid/66279 | vdb-entryx_refsource_BID |
| http://www.ubuntu.com/usn/USN-2174-1 | vendor-advisoryx_refsource_UBUNTU |
| http://secunia.com/advisories/57446 | third-party-advisoryx_refsource_SECUNIA |
| https://bugzilla.redhat.com/show_bug.cgi?id=1077343 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1029945 | vdb-entryx_refsource_SECTRACK |
| http://git.kernel.org/?p=linux/kernel/git/torvald… | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://github.com/torvalds/linux/commit/b22f5126… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2014/03/17/7 | mailing-listx_refsource_MLIST |
Date Public
2014-03-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:26.656Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://twitter.com/grsecurity/statuses/445496197399461888"
},
{
"name": "USN-2173-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2173-1"
},
{
"name": "66279",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/66279"
},
{
"name": "USN-2174-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2174-1"
},
{
"name": "57446",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57446"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1077343"
},
{
"name": "1029945",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029945"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b22f5126a24b3b2f15448c3f2a254fc10cbc2b92"
},
{
"name": "linux-kernel-cve20142523-code-exec(91910)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91910"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/b22f5126a24b3b2f15448c3f2a254fc10cbc2b92"
},
{
"name": "[oss-security] 20140317 Re: CVE Request: netfilter: remote memory corruption in nf_conntrack_proto_dccp.c",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/03/17/7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-15T17:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://twitter.com/grsecurity/statuses/445496197399461888"
},
{
"name": "USN-2173-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2173-1"
},
{
"name": "66279",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66279"
},
{
"name": "USN-2174-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2174-1"
},
{
"name": "57446",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57446"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1077343"
},
{
"name": "1029945",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029945"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b22f5126a24b3b2f15448c3f2a254fc10cbc2b92"
},
{
"name": "linux-kernel-cve20142523-code-exec(91910)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91910"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/b22f5126a24b3b2f15448c3f2a254fc10cbc2b92"
},
{
"name": "[oss-security] 20140317 Re: CVE Request: netfilter: remote memory corruption in nf_conntrack_proto_dccp.c",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/03/17/7"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2523",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://twitter.com/grsecurity/statuses/445496197399461888",
"refsource": "MISC",
"url": "http://twitter.com/grsecurity/statuses/445496197399461888"
},
{
"name": "USN-2173-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2173-1"
},
{
"name": "66279",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66279"
},
{
"name": "USN-2174-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2174-1"
},
{
"name": "57446",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57446"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1077343",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1077343"
},
{
"name": "1029945",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029945"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b22f5126a24b3b2f15448c3f2a254fc10cbc2b92",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b22f5126a24b3b2f15448c3f2a254fc10cbc2b92"
},
{
"name": "linux-kernel-cve20142523-code-exec(91910)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91910"
},
{
"name": "https://github.com/torvalds/linux/commit/b22f5126a24b3b2f15448c3f2a254fc10cbc2b92",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/b22f5126a24b3b2f15448c3f2a254fc10cbc2b92"
},
{
"name": "[oss-security] 20140317 Re: CVE Request: netfilter: remote memory corruption in nf_conntrack_proto_dccp.c",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/03/17/7"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2523",
"datePublished": "2014-03-24T10:00:00.000Z",
"dateReserved": "2014-03-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T10:14:26.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3512 (GCVE-0-2014-3512)
Vulnerability from cvelistv5 – Published: 2014-08-13 23:00 – Updated: 2024-08-06 10:43
VLAI
EPSS
Summary
Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid SRP (1) g, (2) A, or (3) B parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
36 references
Date Public
2014-08-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:43:06.360Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2014:1052",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html"
},
{
"name": "60221",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60221"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
},
{
"name": "61184",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61184"
},
{
"name": "SSRT101846",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
},
{
"name": "60022",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60022"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15565.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.openssl.org/news/secadv_20140806.txt"
},
{
"name": "61017",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61017"
},
{
"name": "openssl-cve20143512-dos(95158)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95158"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=4a23b12a031860253b58d503f296377ca076427b"
},
{
"name": "GLSA-201412-39",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
},
{
"name": "HPSBHF03293",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
},
{
"name": "60803",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60803"
},
{
"name": "59700",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59700"
},
{
"name": "1030693",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030693"
},
{
"name": "60917",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60917"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tenable.com/security/tns-2014-06"
},
{
"name": "NetBSD-SA2014-008",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc"
},
{
"name": "60493",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60493"
},
{
"name": "59710",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59710"
},
{
"name": "60921",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60921"
},
{
"name": "60810",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60810"
},
{
"name": "69083",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69083"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240"
},
{
"name": "61100",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61100"
},
{
"name": "FreeBSD-SA-14:18",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc"
},
{
"name": "61775",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61775"
},
{
"name": "DSA-2998",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2998"
},
{
"name": "61959",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61959"
},
{
"name": "59756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59756"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
},
{
"name": "[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html"
},
{
"name": "61171",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61171"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid SRP (1) g, (2) A, or (3) B parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "openSUSE-SU-2014:1052",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html"
},
{
"name": "60221",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60221"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
},
{
"name": "61184",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61184"
},
{
"name": "SSRT101846",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
},
{
"name": "60022",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60022"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15565.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.openssl.org/news/secadv_20140806.txt"
},
{
"name": "61017",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61017"
},
{
"name": "openssl-cve20143512-dos(95158)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95158"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=4a23b12a031860253b58d503f296377ca076427b"
},
{
"name": "GLSA-201412-39",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
},
{
"name": "HPSBHF03293",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
},
{
"name": "60803",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60803"
},
{
"name": "59700",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59700"
},
{
"name": "1030693",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030693"
},
{
"name": "60917",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60917"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tenable.com/security/tns-2014-06"
},
{
"name": "NetBSD-SA2014-008",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc"
},
{
"name": "60493",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60493"
},
{
"name": "59710",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59710"
},
{
"name": "60921",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60921"
},
{
"name": "60810",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60810"
},
{
"name": "69083",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69083"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240"
},
{
"name": "61100",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61100"
},
{
"name": "FreeBSD-SA-14:18",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc"
},
{
"name": "61775",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61775"
},
{
"name": "DSA-2998",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2998"
},
{
"name": "61959",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61959"
},
{
"name": "59756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59756"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
},
{
"name": "[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html"
},
{
"name": "61171",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61171"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3512",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid SRP (1) g, (2) A, or (3) B parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2014:1052",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00036.html"
},
{
"name": "60221",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60221"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682293"
},
{
"name": "61184",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61184"
},
{
"name": "SSRT101846",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
},
{
"name": "60022",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60022"
},
{
"name": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15565.html",
"refsource": "CONFIRM",
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15565.html"
},
{
"name": "https://www.openssl.org/news/secadv_20140806.txt",
"refsource": "CONFIRM",
"url": "https://www.openssl.org/news/secadv_20140806.txt"
},
{
"name": "61017",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61017"
},
{
"name": "openssl-cve20143512-dos(95158)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95158"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683389"
},
{
"name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm"
},
{
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=4a23b12a031860253b58d503f296377ca076427b",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=4a23b12a031860253b58d503f296377ca076427b"
},
{
"name": "GLSA-201412-39",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
},
{
"name": "HPSBHF03293",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
},
{
"name": "60803",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60803"
},
{
"name": "59700",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59700"
},
{
"name": "1030693",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030693"
},
{
"name": "60917",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60917"
},
{
"name": "http://www.tenable.com/security/tns-2014-06",
"refsource": "CONFIRM",
"url": "http://www.tenable.com/security/tns-2014-06"
},
{
"name": "NetBSD-SA2014-008",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-008.txt.asc"
},
{
"name": "60493",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60493"
},
{
"name": "59710",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59710"
},
{
"name": "60921",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60921"
},
{
"name": "60810",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60810"
},
{
"name": "69083",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69083"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240"
},
{
"name": "61100",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61100"
},
{
"name": "FreeBSD-SA-14:18",
"refsource": "FREEBSD",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:18.openssl.asc"
},
{
"name": "61775",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61775"
},
{
"name": "DSA-2998",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2998"
},
{
"name": "61959",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61959"
},
{
"name": "59756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59756"
},
{
"name": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc",
"refsource": "CONFIRM",
"url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc"
},
{
"name": "[syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released",
"refsource": "MLIST",
"url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-September/000196.html"
},
{
"name": "61171",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61171"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-3512",
"datePublished": "2014-08-13T23:00:00.000Z",
"dateReserved": "2014-05-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T10:43:06.360Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3567 (GCVE-0-2014-3567)
Vulnerability from cvelistv5 – Published: 2014-10-19 01:00 – Updated: 2024-08-06 10:50
VLAI
EPSS
Summary
Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
56 references
Date Public
2014-10-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:50:18.055Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "HPSBOV03227",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc"
},
{
"name": "HPSBHF03300",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142804214608580\u0026w=2"
},
{
"name": "openSUSE-SU-2014:1331",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name": "HPSBUX03162",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2"
},
{
"name": "61130",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61130"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.openssl.org/news/secadv_20141015.txt"
},
{
"name": "1031052",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031052"
},
{
"name": "62070",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62070"
},
{
"name": "70586",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70586"
},
{
"name": "61073",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61073"
},
{
"name": "USN-2385-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2385-1"
},
{
"name": "HPSBMU03304",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2"
},
{
"name": "GLSA-201412-39",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
},
{
"name": "DSA-3053",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3053"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
},
{
"name": "HPSBMU03223",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143290583027876\u0026w=2"
},
{
"name": "SSRT101868",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
},
{
"name": "HPSBMU03260",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT205217"
},
{
"name": "SSRT101779",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2"
},
{
"name": "openSUSE-SU-2016:0640",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=7fd4ce6a997be5f5c9e744ac527725c2850de203"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
},
{
"name": "APPLE-SA-2015-09-16-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html"
},
{
"name": "SUSE-SU-2014:1357",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10091"
},
{
"name": "NetBSD-SA2014-015",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD",
"x_transferred"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.splunk.com/view/SP-CAAANST"
},
{
"name": "61837",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61837"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/HT204244"
},
{
"name": "SSRT101767",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2"
},
{
"name": "61207",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61207"
},
{
"name": "RHSA-2014:1652",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1652.html"
},
{
"name": "62124",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62124"
},
{
"name": "59627",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59627"
},
{
"name": "SSRT101894",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
},
{
"name": "61298",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61298"
},
{
"name": "HPSBMU03263",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2"
},
{
"name": "SUSE-SU-2014:1361",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html"
},
{
"name": "HPSBMU03296",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142834685803386\u0026w=2"
},
{
"name": "61990",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61990"
},
{
"name": "61959",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61959"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2014-0416.html"
},
{
"name": "HPSBMU03267",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2"
},
{
"name": "HPSBMU03261",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2"
},
{
"name": "RHSA-2015:0126",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0126.html"
},
{
"name": "61058",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61058"
},
{
"name": "MDVSA-2015:062",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
},
{
"name": "HPSBGN03233",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
},
{
"name": "MDVSA-2014:203",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:203"
},
{
"name": "SSRT101739",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
},
{
"name": "62030",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62030"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX216642"
},
{
"name": "APPLE-SA-2015-01-27-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
},
{
"name": "61819",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61819"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
},
{
"name": "RHSA-2014:1692",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1692.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-14T10:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "HPSBOV03227",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc"
},
{
"name": "HPSBHF03300",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142804214608580\u0026w=2"
},
{
"name": "openSUSE-SU-2014:1331",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name": "HPSBUX03162",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2"
},
{
"name": "61130",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61130"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.openssl.org/news/secadv_20141015.txt"
},
{
"name": "1031052",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031052"
},
{
"name": "62070",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62070"
},
{
"name": "70586",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70586"
},
{
"name": "61073",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61073"
},
{
"name": "USN-2385-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2385-1"
},
{
"name": "HPSBMU03304",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2"
},
{
"name": "GLSA-201412-39",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
},
{
"name": "DSA-3053",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3053"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
},
{
"name": "HPSBMU03223",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143290583027876\u0026w=2"
},
{
"name": "SSRT101868",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
},
{
"name": "HPSBMU03260",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT205217"
},
{
"name": "SSRT101779",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2"
},
{
"name": "openSUSE-SU-2016:0640",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=7fd4ce6a997be5f5c9e744ac527725c2850de203"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
},
{
"name": "APPLE-SA-2015-09-16-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html"
},
{
"name": "SUSE-SU-2014:1357",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10091"
},
{
"name": "NetBSD-SA2014-015",
"tags": [
"vendor-advisory",
"x_refsource_NETBSD"
],
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.splunk.com/view/SP-CAAANST"
},
{
"name": "61837",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61837"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/HT204244"
},
{
"name": "SSRT101767",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2"
},
{
"name": "61207",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61207"
},
{
"name": "RHSA-2014:1652",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1652.html"
},
{
"name": "62124",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62124"
},
{
"name": "59627",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59627"
},
{
"name": "SSRT101894",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
},
{
"name": "61298",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61298"
},
{
"name": "HPSBMU03263",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2"
},
{
"name": "SUSE-SU-2014:1361",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html"
},
{
"name": "HPSBMU03296",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142834685803386\u0026w=2"
},
{
"name": "61990",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61990"
},
{
"name": "61959",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61959"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2014-0416.html"
},
{
"name": "HPSBMU03267",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2"
},
{
"name": "HPSBMU03261",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2"
},
{
"name": "RHSA-2015:0126",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0126.html"
},
{
"name": "61058",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61058"
},
{
"name": "MDVSA-2015:062",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
},
{
"name": "HPSBGN03233",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
},
{
"name": "MDVSA-2014:203",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:203"
},
{
"name": "SSRT101739",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
},
{
"name": "62030",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62030"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.citrix.com/article/CTX216642"
},
{
"name": "APPLE-SA-2015-01-27-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
},
{
"name": "61819",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61819"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
},
{
"name": "RHSA-2014:1692",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1692.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3567",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBOV03227",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2"
},
{
"name": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc",
"refsource": "CONFIRM",
"url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc"
},
{
"name": "HPSBHF03300",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=142804214608580\u0026w=2"
},
{
"name": "openSUSE-SU-2014:1331",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name": "HPSBUX03162",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2"
},
{
"name": "61130",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61130"
},
{
"name": "https://www.openssl.org/news/secadv_20141015.txt",
"refsource": "CONFIRM",
"url": "https://www.openssl.org/news/secadv_20141015.txt"
},
{
"name": "1031052",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031052"
},
{
"name": "62070",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62070"
},
{
"name": "70586",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70586"
},
{
"name": "61073",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61073"
},
{
"name": "USN-2385-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2385-1"
},
{
"name": "HPSBMU03304",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=142791032306609\u0026w=2"
},
{
"name": "GLSA-201412-39",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201412-39.xml"
},
{
"name": "DSA-3053",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3053"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
},
{
"name": "HPSBMU03223",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=143290583027876\u0026w=2"
},
{
"name": "SSRT101868",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
},
{
"name": "HPSBMU03260",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
},
{
"name": "https://support.apple.com/HT205217",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205217"
},
{
"name": "SSRT101779",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=142103967620673\u0026w=2"
},
{
"name": "openSUSE-SU-2016:0640",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
},
{
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=7fd4ce6a997be5f5c9e744ac527725c2850de203",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=7fd4ce6a997be5f5c9e744ac527725c2850de203"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
},
{
"name": "APPLE-SA-2015-09-16-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html"
},
{
"name": "SUSE-SU-2014:1357",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10091",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10091"
},
{
"name": "NetBSD-SA2014-015",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc"
},
{
"name": "http://www.splunk.com/view/SP-CAAANST",
"refsource": "CONFIRM",
"url": "http://www.splunk.com/view/SP-CAAANST"
},
{
"name": "61837",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61837"
},
{
"name": "http://support.apple.com/HT204244",
"refsource": "CONFIRM",
"url": "http://support.apple.com/HT204244"
},
{
"name": "SSRT101767",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=141477196830952\u0026w=2"
},
{
"name": "61207",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61207"
},
{
"name": "RHSA-2014:1652",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1652.html"
},
{
"name": "62124",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62124"
},
{
"name": "59627",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59627"
},
{
"name": "SSRT101894",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=142495837901899\u0026w=2"
},
{
"name": "61298",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61298"
},
{
"name": "HPSBMU03263",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=143290437727362\u0026w=2"
},
{
"name": "SUSE-SU-2014:1361",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html"
},
{
"name": "HPSBMU03296",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=142834685803386\u0026w=2"
},
{
"name": "61990",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61990"
},
{
"name": "61959",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61959"
},
{
"name": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6",
"refsource": "CONFIRM",
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0416.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0416.html"
},
{
"name": "HPSBMU03267",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=142624590206005\u0026w=2"
},
{
"name": "HPSBMU03261",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=143290522027658\u0026w=2"
},
{
"name": "RHSA-2015:0126",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0126.html"
},
{
"name": "61058",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61058"
},
{
"name": "MDVSA-2015:062",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
},
{
"name": "HPSBGN03233",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
},
{
"name": "MDVSA-2014:203",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:203"
},
{
"name": "SSRT101739",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=142118135300698\u0026w=2"
},
{
"name": "62030",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62030"
},
{
"name": "https://support.citrix.com/article/CTX216642",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX216642"
},
{
"name": "APPLE-SA-2015-01-27-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"
},
{
"name": "61819",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61819"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686997"
},
{
"name": "RHSA-2014:1692",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1692.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-3567",
"datePublished": "2014-10-19T01:00:00.000Z",
"dateReserved": "2014-05-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T10:50:18.055Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5119 (GCVE-0-2014-5119)
Vulnerability from cvelistv5 – Published: 2014-08-29 17:00 – Updated: 2024-08-06 11:34
VLAI
EPSS
Summary
Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
22 references
Date Public
2014-07-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:34:37.416Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "60441",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60441"
},
{
"name": "[oss-security] 20170713 Re: [CVE Request] glibc iconv_open buffer overflow (was: Re: Re: glibc locale issues)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/08/13/5"
},
{
"name": "69738",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69738"
},
{
"name": "RHSA-2014:1118",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1118.html"
},
{
"name": "RHSA-2014:1110",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2014-1110.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685604"
},
{
"name": "60345",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60345"
},
{
"name": "61093",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61093"
},
{
"name": "GLSA-201602-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201602-02"
},
{
"name": "MDVSA-2014:175",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:175"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html"
},
{
"name": "[oss-security] 20170713 glibc locale issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/14/1"
},
{
"name": "68983",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68983"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=17187"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://code.google.com/p/google-security-research/issues/detail?id=96"
},
{
"name": "20140826 CVE-2014-5119 glibc __gconv_translit_find() exploit",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Aug/69"
},
{
"name": "DSA-3012",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3012"
},
{
"name": "61074",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61074"
},
{
"name": "20140910 Cisco Unified Communications Manager glibc Arbitrary Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-5119"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://linux.oracle.com/errata/ELSA-2015-0092.html"
},
{
"name": "SUSE-SU-2014:1125",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00017.html"
},
{
"name": "60358",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60358"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-04T17:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "60441",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60441"
},
{
"name": "[oss-security] 20170713 Re: [CVE Request] glibc iconv_open buffer overflow (was: Re: Re: glibc locale issues)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/08/13/5"
},
{
"name": "69738",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69738"
},
{
"name": "RHSA-2014:1118",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1118.html"
},
{
"name": "RHSA-2014:1110",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://rhn.redhat.com/errata/RHSA-2014-1110.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685604"
},
{
"name": "60345",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60345"
},
{
"name": "61093",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61093"
},
{
"name": "GLSA-201602-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201602-02"
},
{
"name": "MDVSA-2014:175",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:175"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html"
},
{
"name": "[oss-security] 20170713 glibc locale issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/14/1"
},
{
"name": "68983",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68983"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=17187"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://code.google.com/p/google-security-research/issues/detail?id=96"
},
{
"name": "20140826 CVE-2014-5119 glibc __gconv_translit_find() exploit",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Aug/69"
},
{
"name": "DSA-3012",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3012"
},
{
"name": "61074",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61074"
},
{
"name": "20140910 Cisco Unified Communications Manager glibc Arbitrary Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-5119"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://linux.oracle.com/errata/ELSA-2015-0092.html"
},
{
"name": "SUSE-SU-2014:1125",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00017.html"
},
{
"name": "60358",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60358"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-5119",
"datePublished": "2014-08-29T17:00:00.000Z",
"dateReserved": "2014-07-30T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:34:37.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…