Lucene search

[email protected]NVD:CVE-2014-3687

HistoryNov 10, 2014 - 11:55 a.m.

CVE-2014-3687

2014-11-1011:55:06

CWE-400

[email protected]

web.nvd.nist.gov

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

High

0.031 Low

EPSS

Percentile

91.1%

JSON

The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter.

Affected configurations

NVD

Node

linuxlinux_kernelRange2.6.27–3.2.64

linuxlinux_kernelRange3.3–3.4.107

linuxlinux_kernelRange3.5–3.10.61

linuxlinux_kernelRange3.11–3.12.34

linuxlinux_kernelRange3.13–3.14.25

linuxlinux_kernelRange3.15–3.16.35

linuxlinux_kernelRange3.17–3.17.4

Node

redhatenterprise_mrgMatch2.0

Node

canonicalubuntu_linuxMatch12.04esm

Node

debiandebian_linuxMatch7.0

novellsuse_linux_enterprise_desktopMatch12.0

novellsuse_linux_enterprise_serverMatch12.0

opensuseevergreenMatch11.4

suselinux_enterprise_real_time_extensionMatch11sp3

suselinux_enterprise_software_development_kitMatch12-

suselinux_enterprise_workstation_extensionMatch12

susesuse_linux_enterprise_serverMatch11sp2ltss

Node

oraclelinuxMatch5-

oraclelinuxMatch6-

oraclelinuxMatch7-

References

git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b69040d8e39f20d5215a03502a8e8b4c6ab78395

linux.oracle.com/errata/ELSA-2014-3087.html

linux.oracle.com/errata/ELSA-2014-3088.html

linux.oracle.com/errata/ELSA-2014-3089.html

lists.opensuse.org/opensuse-security-announce/2015-01/msg00035.html

lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html

lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html

lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html

lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html

lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html

lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html

marc.info/?l=bugtraq&m=142722450701342&w=2

marc.info/?l=bugtraq&m=142722544401658&w=2

rhn.redhat.com/errata/RHSA-2015-0062.html

rhn.redhat.com/errata/RHSA-2015-0115.html

secunia.com/advisories/62428

www.debian.org/security/2014/dsa-3060

www.securityfocus.com/bid/70766

www.ubuntu.com/usn/USN-2417-1

www.ubuntu.com/usn/USN-2418-1

bugzilla.redhat.com/show_bug.cgi?id=1155731

github.com/torvalds/linux/commit/b69040d8e39f20d5215a03502a8e8b4c6ab78395

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

High

0.031 Low

EPSS

Percentile

91.1%

JSON

Related for NVD:CVE-2014-3687

debiancve1 ubuntucve1 cvelist1 prion1 cve1 nessus43 f53 oraclelinux6 openvas47 redhat5 suse10 osv2 debian3 centos2 securityvulns4 ubuntu10 fedora14