CVE-2014-3953

Published: 15/07/2014 Updated: 19/11/2014
CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9
VMScore: 436
Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N

Vulnerability Summary

FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 before p7 does not properly initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via a (1) SCTP_SNDRCV, (2) SCTP_EXTRCV, or (3) SCTP_RCVINFO SCTP cmsg or a (4) SCTP_PEER_ADDR_CHANGE, (5) SCTP_REMOTE_ERROR, or (6) SCTP_AUTHENTICATION_EVENT notification.

Vulnerable Product

freebsd freebsd 9.2

freebsd freebsd 9.1

freebsd freebsd 10.0

freebsd freebsd 8.4

Vendor Advisories

Debian Bug report logs - #766275
kfreebsd-9: CVE-2014-3711: memory leak in sandboxed namei lookup
Package: src:kfreebsd-9; Maintainer for src:kfreebsd-9 is (unknown); Reported by: Steven Chamberlain <steven@pyroeuorg>
Date: Tue, 21 Oct 2014 21:33:01 UTC
Severity: important
Tags: patch, security, upstream
Found in versio ...

Debian Bug report logs - #754237
kfreebsd-9: SCTP kernel memory disclosures (CVE-2014-3953)
Package: src:kfreebsd-9; Maintainer for src:kfreebsd-9 is (unknown); Reported by: Steven Chamberlain <steven@pyroeuorg>
Date: Tue, 8 Jul 2014 22:51:01 UTC
Severity: grave
Tags: security, upstream, wheezy
Found in versions kfreeb ...

Several vulnerabilities have been discovered in the FreeBSD kernel that may lead to a denial of service or information disclosure.
CVE-2014-3711: Denial of service through memory leak in sandboxed namei lookups
CVE-2014-3952: Kernel memory disclosure in sockbuf control messages
CVE-2014-3953: Kernel memory disclosure in SCTP
This updat ...