| Vulnerability Name: | CVE-2014-3711 (CCN-97720) |
| Assigned: | 2014-10-21 |
| Published: | 2014-10-21 |
| Updated: | 2019-03-18 |
| Summary: | namei in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (memory exhaustion) via vectors that trigger a sandboxed process to look up a large number of nonexistent path names.
|
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)| Exploitability Metrics: | Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): None
Integrity (I): None
Availibility (A): Low |
|
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None | | Impact Metrics: | Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial |
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
| | Impact Metrics: | Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial |
|
| Vulnerability Type: | CWE-399
|
| Vulnerability Consequences: | Denial of Service |
| References: | Source: MITRE
Type: CNA
CVE-2014-3711
Source: SECUNIA
Type: UNKNOWN
62218
Source: DEBIAN
Type: UNKNOWN
DSA-3070
Source: CCN
Type: BID-70692
FreeBSD namei CVE-2014-3711 Remote Denial of Service Vulnerability
Source: SECTRACK
Type: UNKNOWN
1031100
Source: XF
Type: UNKNOWN
freebsd-cve20143711-dos(97720)
Source: CCN
Type: FreeBSD-SA-14:22.namei
memory leak in sandboxed namei lookup
Source: FREEBSD
Type: Patch
FreeBSD-SA-14:22
Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2014-3711
|
| Vulnerable Configuration: | Configuration 1:
cpe:/o:freebsd:freebsd:9.1:-:*:*:*:*:*:*OR cpe:/o:freebsd:freebsd:9.1:p4:*:*:*:*:*:*OR cpe:/o:freebsd:freebsd:9.1:p5:*:*:*:*:*:*OR cpe:/o:freebsd:freebsd:9.2:-:*:*:*:*:*:*OR cpe:/o:freebsd:freebsd:9.2:prerelease:*:*:*:*:*:*OR cpe:/o:freebsd:freebsd:9.2:rc1:*:*:*:*:*:*OR cpe:/o:freebsd:freebsd:9.2:rc2:*:*:*:*:*:*OR cpe:/o:freebsd:freebsd:9.3:*:*:*:*:*:*:*OR cpe:/o:freebsd:freebsd:9.3:rc1:*:*:*:*:*:*OR cpe:/o:freebsd:freebsd:9.3:rc2:*:*:*:*:*:*OR cpe:/o:freebsd:freebsd:10.0:-:*:*:*:*:*:*OR cpe:/o:freebsd:freebsd:10.0:rc1:*:*:*:*:*:*OR cpe:/o:freebsd:freebsd:10.0:rc2:*:*:*:*:*:*OR cpe:/o:freebsd:freebsd:10.1:*:*:*:*:*:*:*OR cpe:/o:freebsd:freebsd:10.1:rc1:*:*:*:*:*:*OR cpe:/o:freebsd:freebsd:10.1:rc2:*:*:*:*:*:*
Configuration CCN 1:
cpe:/o:freebsd:freebsd:9.1:-:*:*:*:*:*:*OR cpe:/o:freebsd:freebsd:9.2:-:*:*:*:*:*:*OR cpe:/o:freebsd:freebsd:10.0:-:*:*:*:*:*:*OR cpe:/o:freebsd:freebsd:9.3:-:*:*:*:*:*:*OR cpe:/o:freebsd:freebsd:10.1:-:*:*:*:*:*:*
 Denotes that component is vulnerable |
| Oval Definitions |
|
| BACK |