Published: 31/07/2019 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

nfdump 1.6.17 and previous versions is affected by an integer overflow in the function Process_ipfix_template_withdraw in ipfix.c that can be abused in order to crash the process remotely (denial of service).

Vulnerable Product	Search on Vulmon	Subscribe to Product
nfdump project nfdump
debian debian linux 9.0
fedoraproject fedora 29
fedoraproject fedora 30

Debian Bug report logs - #933740 nfdump: CVE-2019-14459 Package: src:nfdump; Maintainer for src:nfdump is Erik Wenzel <erik@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 2 Aug 2019 18:57:02 UTC Severity: important Tags: security, upstream Found in version nfdump/1617-1 Forwarded ...

Debian Bug report logs - #933741 qemu: CVE-2019-14378: heap buffer overflow during packet reassembly Package: src:qemu; Maintainer for src:qemu is Debian QEMU Team <pkg-qemu-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 2 Aug 2019 19:12:01 UTC Severity: grave Tags: ...

CWE-190 https://github.com/phaag/nfdump/commit/3b006ededaf351f1723aea6c727c9edd1b1fff9b https://github.com/phaag/nfdump/issues/171 https://security.gentoo.org/glsa/202003-17 https://lists.debian.org/debian-lts-announce/2020/09/msg00021.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ULSZMKA7P7REJMANVL7D6WMZ2L7IRSET/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTONOGJU5FSMFNRCT6OHXYUMDRKH4RPA/https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933740

CVE-2019-14459

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect