Vulnerability Name: CVE-2014-3000 (CCN-92976)
Assigned: 2014-04-30
Published: 2014-04-30
Updated: 2014-06-21
Summary: The TCP reassembly function in the inet module in FreeBSD 8.3 before p16, 8.4 before p9, 9.1 before p12, 9.2 before p5, and 10.0 before p2 allows remote attackers to cause a denial of service (undefined memory access and system crash) or possibly read system memory via multiple crafted packets, related to moving a reassemble queue entry to the segment list when the queue is full.
CVSS v3 Severity:
  5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVSS v2 Severity:
  7.8 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:C)
  5.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:C/E:U/RL:OF/RC:C)
  3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-119
Vulnerability Consequences: Denial of Service
References:
  Source: MITRE Type: CNA CVE-2014-3000
  Source: SECUNIA Type: Vendor Advisory 58293
  Source: SECUNIA Type: UNKNOWN 59034
  Source: DEBIAN Type: UNKNOWN DSA-2952
  Source: CCN Type: FreeBSD-SA-14:08.tcp TCP reassembly vulnerability
  Source: FREEBSD Type: Vendor Advisory FreeBSD-SA-14:08
  Source: BID Type: UNKNOWN 67153
  Source: CCN Type: BID-67153 FreeBSD CVE-2014-3000 Remote Denial of Service Vulnerability
  Source: SECTRACK Type: UNKNOWN 1030172
  Source: XF Type: UNKNOWN freebsd-cve20143000-dos(92976)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable