CVE-2014-3000
Last modified
CVE-2014-3000 is a vulnerability of currently unknown severity. The TCP reassembly function in the inet module in FreeBSD 8.3 before p16, 8.4 before p9, 9.1 before p12, 9.2 before p5, and 10.0 before p2 allows remote attackers to cause a denial of service (undefined memory access and system crash) or possibly read system memory via multiple crafted packets, related to moving a reassemble queue entry to the segment list when the queue is full.. EPSS estimates a 12.82% chance of exploitation in the next 30 days.
Description
The TCP reassembly function in the inet module in FreeBSD 8.3 before p16, 8.4 before p9, 9.1 before p12, 9.2 before p5, and 10.0 before p2 allows remote attackers to cause a denial of service (undefined memory access and system crash) or possibly read system memory via multiple crafted packets, related to moving a reassemble queue entry to the segment list when the queue is full.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Freebsd | Freebsd | 8.3 |
| Freebsd | Freebsd | 8.4 |
| Freebsd | Freebsd | 9.1 |
| Freebsd | Freebsd | 9.2 |
| Freebsd | Freebsd | 10.0 |
References
- http://secunia.com/advisories/58293Vendor Advisory
- http://secunia.com/advisories/58293Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2014-3000?
How severe is CVE-2014-3000?
How do I fix CVE-2014-3000?
Are you affected by CVE-2014-3000?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST