7.8
CVE-2014-9428
- EPSS 2.95%
- Published 02.01.2015 21:59:00
- Last modified 12.04.2025 10:46:40
- Source security@debian.org
- Teams watchlist Login
- Open Login
The batadv_frag_merge_packets function in net/batman-adv/fragmentation.c in the B.A.T.M.A.N. implementation in the Linux kernel through 3.18.1 uses an incorrect length field during a calculation of an amount of memory, which allows remote attackers to cause a denial of service (mesh-node system crash) via fragmented packets.
Data is provided by the National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 3.13 < 3.14.30
Linux ≫ Linux Kernel Version >= 3.15 < 3.16.35
Linux ≫ Linux Kernel Version >= 3.17 < 3.18.4
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.95% | 0.852 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 10 | 6.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:C
|