Vulnerability Name: CVE-2014-3953 (CCN-94447)
Assigned: 2014-07-08
Published: 2014-07-08
Updated: 2014-11-19
Summary: FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 before p7 does not properly initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via a (1) SCTP_SNDRCV, (2) SCTP_EXTRCV, or (3) SCTP_RCVINFO SCTP cmsg or a (4) SCTP_PEER_ADDR_CHANGE, (5) SCTP_REMOTE_ERROR, or (6) SCTP_AUTHENTICATION_EVENT notification.
CVSS v3 Severity: 6.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVSS v2 Severity: 4.9 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N)
    3.7 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N/E:U/RL:OF/RC:C)
    3.7 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-119
Vulnerability Consequences: Obtain Information
References:
    Source: MITRE Type: CNA CVE-2014-3953
    Source: SECUNIA Type: UNKNOWN 62218
    Source: DEBIAN Type: UNKNOWN DSA-3070
    Source: CCN Type: FreeBSD-SA-14:17.kmem Kernel memory disclosure in control messages and SCTP notifications
    Source: FREEBSD Type: Vendor Advisory FreeBSD-SA-14:17
    Source: CCN Type: BID-68467 FreeBSD CVE-2014-3953 Multiple Local Information Disclosure Vulnerabilities
    Source: SECTRACK Type: UNKNOWN 1030539
    Source: XF Type: UNKNOWN freebsd-cve20143953-info-disc(94447)
    Source: CCN Type: WhiteSource Vulnerability Database CVE-2014-3953
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable