Lucene search

[email protected]CVE-2014-1692

HistoryJan 29, 2014 - 4:02 p.m.

CVE-2014-1692

2014-01-2916:02:00

CWE-119

[email protected]

web.nvd.nist.gov

2326

cve-2014-1692

openssh

memory corruption

denial of service

vulnerability

nvd

5.4 Medium

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.043 Low

EPSS

Percentile

92.2%

JSON

The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attackers to cause a denial of service (memory corruption) or have unspecified other impact via vectors that trigger an error condition.

CPENameOperatorVersion
openbsd:opensshopenbsd opensshle6.4

CPE	Name	Operator	Version
openbsd:openssh	openbsd openssh	le	6.4

References

marc.info/?l=bugtraq&m=141576985122836&w=2

marc.info/?l=bugtraq&m=144050155601375&w=2

openwall.com/lists/oss-security/2014/01/29/10

openwall.com/lists/oss-security/2014/01/29/2

osvdb.org/102611

secunia.com/advisories/60184

www-01.ibm.com/support/docview.wss?uid=isg3T1020637

www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/Attic/schnorr.c.diff?r1=1.9%3Br2=1.10%3Bf=h

www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/schnorr.c#rev1.10

www.securityfocus.com/bid/65230

exchange.xforce.ibmcloud.com/vulnerabilities/90819

Social References

5.4 Medium

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.043 Low

EPSS

Percentile

92.2%

JSON

Related for CVE-2014-1692

seebug1 ubuntucve1 f52 openvas1 prion1 nessus3 debiancve1 symantec1 rosalinux1 securityvulns1