CVE-2014-2537

Name: CVE-2014-2537
Creator: NVD / NIST
Published: 2014-03-18T17:04:18.813+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 3.07%

Last modified Jun 17, 2026

CVE-2014-2537 is a vulnerability of currently unknown severity. Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.. EPSS estimates a 3.07% chance of exploitation in the next 30 days.

Description

Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.

Metrics

EPSS Probability

3.07%

85.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-399

Affected Software

Vendor	Product	Versions
Sophos	Unified Threat Management Software	<= 9.108
Sophos	Unified Threat Management Software	8.3
Sophos	Unified Threat Management Software	9.007
Sophos	Unified Threat Management Software	9.107
Sophos	Unified Threat Management	110
Sophos	Unified Threat Management	120
Sophos	Unified Threat Management	220
Sophos	Unified Threat Management	320
Sophos	Unified Threat Management	425
Sophos	Unified Threat Management	525
Sophos	Unified Threat Management	625

References

http://blogs.sophos.com/2014/02/20/utm-up2date-9-109/Patch, Vendor Advisory
http://secunia.com/advisories/57344Vendor Advisory
http://www.securityfocus.com/bid/66231
http://www.securitytracker.com/id/1029920
http://blogs.sophos.com/2014/02/20/utm-up2date-9-109/Patch, Vendor Advisory
http://secunia.com/advisories/57344Vendor Advisory
http://www.securityfocus.com/bid/66231
http://www.securitytracker.com/id/1029920

Timeline

Published: Mar 18, 2014
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2014-2537?

Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.

How severe is CVE-2014-2537?

Severity scoring for CVE-2014-2537 is pending analysis. The EPSS model estimates a 3.07% probability of exploitation in the next 30 days.

How do I fix CVE-2014-2537?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2014-2537?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST