Lucene search

[email protected]CVE-2013-0250

HistoryJun 06, 2014 - 2:55 p.m.

CVE-2013-0250

2014-06-0614:55:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2013-0250

corosync

denial of service

crash

remote attackers

nvd

6.7 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.013 Low

EPSS

Percentile

85.9%

JSON

The init_nss_hash function in exec/totemcrypto.c in Corosync 2.0 before 2.3 does not properly initialize the HMAC key, which allows remote attackers to cause a denial of service (crash) via a crafted packet.

CPENameOperatorVersion
corosync:corosynccorosynceq2.0.0
corosync:corosynccorosynceq2.0.1
corosync:corosynccorosynceq2.1.0
corosync:corosynccorosynceq2.2.0
corosync:corosynccorosynceq2.0.3
corosync:corosynccorosynceq2.0.2
corosync:corosynccorosynceq2.1.1

CPE	Name	Operator	Version
corosync:corosync	corosync	eq	2.0.0
corosync:corosync	corosync	eq	2.0.1
corosync:corosync	corosync	eq	2.1.0
corosync:corosync	corosync	eq	2.2.0
corosync:corosync	corosync	eq	2.0.3
corosync:corosync	corosync	eq	2.0.2
corosync:corosync	corosync	eq	2.1.1

References

seclists.org/oss-sec/2013/q1/212

seclists.org/oss-sec/2013/q1/213

seclists.org/oss-sec/2013/q1/214

secunia.com/advisories/52037

github.com/corosync/corosync/commit/b3f456a8ceefac6e9f2e9acc2ea0c159d412b595

6.7 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.013 Low

EPSS

Percentile

85.9%

JSON

Related for CVE-2013-0250

ubuntucve1 prion1 cvelist1 debiancve1