Lucene search

PRIOn knowledge basePRION:CVE-2014-8602

HistoryDec 11, 2014 - 2:59 a.m.

Design/Logic Flaw

2014-12-1102:59:00

PRIOn knowledge base

www.prio-n.com

6.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.651 Medium

EPSS

Percentile

97.8%

JSON

iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a large or infinite number of referrals.

CPENameOperatorVersion
ubuntu_linuxeq14.10
ubuntu_linuxeq14.04
debian_linuxeq7.0
unboundle1.5.0

Name	Operator	Version
ubuntu_linux	eq	14.10
ubuntu_linux	eq	14.04
debian_linux	eq	7.0
unbound	le	1.5.0

References

cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html

unbound.net/downloads/patch_cve_2014_8602.diff

www.debian.org/security/2014/dsa-3097

www.kb.cert.org/vuls/id/264212

www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

www.securityfocus.com/bid/71589

www.ubuntu.com/usn/USN-2484-1

unbound.net/downloads/CVE-2014-8602.txt

6.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.651 Medium

EPSS

Percentile

97.8%

JSON

Related for PRION:CVE-2014-8602