Published: 27/10/2014 Updated: 18/03/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

namei in FreeBSD 9.1 up to and including 10.1-RC2 allows remote malicious users to cause a denial of service (memory exhaustion) via vectors that trigger a sandboxed process to look up a large number of nonexistent path names.

Vulnerable Product	Search on Vulmon	Subscribe to Product
freebsd freebsd 9.2
freebsd freebsd 10.1
freebsd freebsd 9.1
freebsd freebsd 9.3
freebsd freebsd 10.0

Debian Bug report logs - #766275 kfreebsd-9: CVE-2014-3711: memory leak in sandboxed namei lookup Package: src:kfreebsd-9; Maintainer for src:kfreebsd-9 is (unknown); Reported by: Steven Chamberlain <steven@pyroeuorg> Date: Tue, 21 Oct 2014 21:33:01 UTC Severity: important Tags: patch, security, upstream Found in versio ...

Several vulnerabilities have been discovered in the FreeBSD kernel that may lead to a denial of service or information disclosure CVE-2014-3711 Denial of service through memory leak in sandboxed namei lookups CVE-2014-3952 Kernel memory disclosure in sockbuf control messages CVE-2014-3953 Kernel memory disclosure in SCTP This updat ...

CWE-399 http://www.securitytracker.com/id/1031100 https://www.freebsd.org/security/advisories/FreeBSD-SA-14:22.namei.asc http://www.debian.org/security/2014/dsa-3070 http://secunia.com/advisories/62218 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766275 https://nvd.nist.gov https://www.debian.org/security/./dsa-3070

CVE-2014-3711

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect