Vulnerability Name: | CVE-2014-8321 (CCN-98458) | ||||||||||||||||||||||||||||||||||||
Assigned: | 2014-10-20 | ||||||||||||||||||||||||||||||||||||
Published: | 2014-10-20 | ||||||||||||||||||||||||||||||||||||
Updated: | 2020-02-05 | ||||||||||||||||||||||||||||||||||||
Summary: | Stack-based buffer overflow in the gps_tracker function in airodump-ng.c in Aircrack-ng before 1.2 RC 1 allows local users to execute arbitrary code or gain privileges via unspecified vectors. | ||||||||||||||||||||||||||||||||||||
CVSS v3 Severity: | 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
| ||||||||||||||||||||||||||||||||||||
CVSS v2 Severity: | 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P) 3.6 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
| ||||||||||||||||||||||||||||||||||||
Vulnerability Type: | CWE-787 | ||||||||||||||||||||||||||||||||||||
Vulnerability Consequences: | Gain Access | ||||||||||||||||||||||||||||||||||||
References: | Source: CONFIRM Type: Product, Release Notes, Third Party Advisory http://aircrack-ng.blogspot.com/2014/10/aircrack-ng-12-release-candidate-1.html Source: CCN Type: BugTraq Mailing List, Sat Nov 01 2014 - 06:41:09 CDT "Aircrack-ng 1.2 Beta 3" multiple vulnerabilities Source: MITRE Type: CNA CVE-2014-8321 Source: MISC Type: Third Party Advisory, VDB Entry http://packetstormsecurity.com/files/128943/Aircrack-ng-1.2-Beta-3-DoS-Code-Execution.html Source: CCN Type: Aircrack-ng Web site Aircrack-ng Source: CCN Type: BID-71068 Aircrack-ng 'gps_tracker()' Function Stack Buffer Overflow Vulnerability Source: MISC Type: Third Party Advisory, VDB Entry https://exchange.xforce.ibmcloud.com/vulnerabilities/98458 Source: XF Type: UNKNOWN aircrackng-cve20148321-code-exec(98458) Source: CONFIRM Type: Patch, Third Party Advisory https://github.com/aircrack-ng/aircrack-ng/commit/ff70494dd389ba570dbdbf36f217c28d4381c6b5/ Source: MISC Type: Patch, Third Party Advisory https://github.com/aircrack-ng/aircrack-ng/pull/13 Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [10-20-2014] Source: CCN Type: WhiteSource Vulnerability Database CVE-2014-8321 | ||||||||||||||||||||||||||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||||||
Oval Definitions | |||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||
BACK |