CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 0.17 Low
Percentile: 95.5%

Integer underflow in the olsr_print function, when in verbose mode,
allows remote attackers to cause a denial of service (crash) via a
crafted length value in an OLSR frame.

Multiple integer underflows in the geonet_print function, when in
verbose mode, allow remote attackers to cause a denial of service
(segmentation fault and crash) via a crafted length value in a Geonet frame.

Might allow remote attackers to obtain sensitive information from memory
or cause a denial of service (packet loss or segmentation fault) via a
crafted Ad hoc On-Demand Distance Vector (AODV) packet, which triggers
an out-of-bounds memory access.

Buffer overflow in the ppp_hdlc function in print-ppp.c allows remote
attackers to cause a denial of service (crash) or possibly execute
arbitrary code via a crafted PPP packet.

IPv6 mobility printer mobility_opt_print() typecasting/signedness error
would handle "len" as "int" (=positive and negative numbers), instead of
"unsigned int" (=only positive numbers). When calling
mobility_opt_print() with a negative "len", the "i < len" check would
not be satisfied and it would not enter the loop and try to read from bp[i].

TCP printer problem with missing length check in the
rpki_rtr_pdu_print() function in print-rpki-rtr.c when processing
RPKI-RTR PDUs (Protocol Data Units) with an incorrect header length.
Without this check, the function will try to operate on invalid data
when processing certain packets, leading to all kinds of unwanted side
effects, including crashes due to invalid reads, writes and general
memory corruption. Due to the memory corruption aspect it may lead to
code execution.

Ethernet printer osi_print_cksum() missing sanity checks in
print-isoclns.c. The function may call the create_osi_cksum() function
in checksum.c with invalid data leading to out-of-bounds memory read.

A flaw was found in tcpdump’s force printer. A remote attacker could use
this flaw to cause tcpdump to crash, resulting in a denial of service,
or possibly execute arbitrary code.
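
The length checks whose absence the OLSR, Geonet and RPKI-RTR entries above describe, as an added example that is not tcpdump's code: a printer-style walk over PDUs that validates the declared length against both the header size and the captured bytes before subtracting. The 4-byte header layout, the function names and the sample buffers are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical PDU header: type(1) flags(1) length(2, big-endian, header + body). */
#define HDR_LEN 4u
enum pdu_status { PDU_OK = 0, PDU_TRUNCATED = -1, PDU_BAD_LENGTH = -2 };

/* Shown for contrast: with no lower bound, a declared length under HDR_LEN wraps. */
static size_t body_len_unchecked(uint16_t declared) { return (size_t)declared - HDR_LEN; }

/* Validate one PDU in buf[0..caplen) and store its body length on success. */
static enum pdu_status pdu_body_len(const uint8_t *buf, size_t caplen, size_t *body) {
    if (caplen < HDR_LEN) return PDU_TRUNCATED;       /* header not fully captured */
    size_t declared = ((size_t)buf[2] << 8) | buf[3];
    if (declared < HDR_LEN) return PDU_BAD_LENGTH;    /* subtraction would underflow */
    if (declared > caplen) return PDU_TRUNCATED;      /* body runs past the capture */
    *body = declared - HDR_LEN;
    return PDU_OK;
}

/* Count well-formed back-to-back PDUs; *last reports why the walk stopped. */
static int count_pdus(const uint8_t *buf, size_t caplen, enum pdu_status *last) {
    int n = 0;
    size_t off = 0, body = 0;
    *last = PDU_OK;
    while (off < caplen) {
        *last = pdu_body_len(buf + off, caplen - off, &body);
        if (*last != PDU_OK) break;
        off += HDR_LEN + body;   /* advances by at least HDR_LEN, so the loop ends */
        n++;
    }
    return n;
}

/* Constructed sample inputs (not captured traffic). */
static const uint8_t two_ok[]    = {1, 0, 0, 6, 0xAA, 0xBB, 2, 0, 0, 4};
static const uint8_t short_len[] = {1, 0, 0, 2};         /* length below header size */
static const uint8_t over_len[]  = {1, 0, 0, 32, 0xAA};  /* length beyond captured bytes */
int main(void) {
    enum pdu_status st;
    int n = count_pdus(two_ok, sizeof two_ok, &st);
    printf("two_ok: %d PDUs, status %d\n", n, (int)st);
    n = count_pdus(short_len, sizeof short_len, &st);
    printf("short_len: %d PDUs, status %d\n", n, (int)st);
    n = count_pdus(over_len, sizeof over_len, &st);
    printf("over_len: %d PDUs, status %d\n", n, (int)st);
    printf("unchecked(2) = %zu\n", body_len_unchecked(2));
    return 0;
}
```
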
access.redhat.com/security/cve/CVE-2015-0261
access.redhat.com/security/cve/CVE-2015-2153
access.redhat.com/security/cve/CVE-2015-2154
access.redhat.com/security/cve/CVE-2015-2155
bugs.archlinux.org/task/44153
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8767
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8768
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8769
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9140