10
CVE-2014-2523
- EPSS 10.39%
- Veröffentlicht 24.03.2014 16:40:48
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version < 3.2.57
Linux ≫ Linux Kernel Version >= 3.3 < 3.4.86
Linux ≫ Linux Kernel Version >= 3.5 < 3.10.36
Linux ≫ Linux Kernel Version >= 3.11 < 3.12.17
Linux ≫ Linux Kernel Version >= 3.13.0 < 3.13.9
Canonical ≫ Ubuntu Linux Version10.04 SwEdition-
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 10.39% | 0.951 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://www.ubuntu.com/usn/USN-2173-1
http://www.ubuntu.com/usn/USN-2174-1
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b22f5126a24b3b2f15448c3f2a254fc10cbc2b92
http://secunia.com/advisories/57446
http://twitter.com/grsecurity/statuses/445496197399461888
http://www.openwall.com/lists/oss-security/2014/03/17/7
http://www.securityfocus.com/bid/66279
http://www.securitytracker.com/id/1029945
https://bugzilla.redhat.com/show_bug.cgi?id=1077343
https://exchange.xforce.ibmcloud.com/vulnerabilities/91910
https://github.com/torvalds/linux/commit/b22f5126a24b3b2f15448c3f2a254fc10cbc2b92