cvelistv5 - cve-2014-3711

CVE-2014-3711 (GCVE-0-2014-3711)

Vulnerability from cvelistv5

Published

2014-10-27 15:00

Modified

2024-08-06 10:50

Severity ?

CWE

Summary

namei in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (memory exhaustion) via vectors that trigger a sandboxed process to look up a large number of nonexistent path names.

References

URL

Tags

secalert@redhat.com	http://secunia.com/advisories/62218
secalert@redhat.com	http://www.debian.org/security/2014/dsa-3070
secalert@redhat.com	http://www.securitytracker.com/id/1031100
secalert@redhat.com	https://www.freebsd.org/security/advisories/FreeBSD-SA-14:22.namei.asc	Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/62218
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2014/dsa-3070
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1031100
af854a3a-2127-422b-91ae-364da2661108	https://www.freebsd.org/security/advisories/FreeBSD-SA-14:22.namei.asc	Patch

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:50:18.327Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-3070",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-3070"
          },
          {
            "name": "62218",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62218"
          },
          {
            "name": "FreeBSD-SA-14:22",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:22.namei.asc"
          },
          {
            "name": "1031100",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031100"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-10-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "namei in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (memory exhaustion) via vectors that trigger a sandboxed process to look up a large number of nonexistent path names."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-11-13T13:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "DSA-3070",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-3070"
        },
        {
          "name": "62218",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62218"
        },
        {
          "name": "FreeBSD-SA-14:22",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:22.namei.asc"
        },
        {
          "name": "1031100",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031100"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-3711",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "namei in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (memory exhaustion) via vectors that trigger a sandboxed process to look up a large number of nonexistent path names."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-3070",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-3070"
            },
            {
              "name": "62218",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62218"
            },
            {
              "name": "FreeBSD-SA-14:22",
              "refsource": "FREEBSD",
              "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:22.namei.asc"
            },
            {
              "name": "1031100",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1031100"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-3711",
    "datePublished": "2014-10-27T15:00:00",
    "dateReserved": "2014-05-14T00:00:00",
    "dateUpdated": "2024-08-06T10:50:18.327Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-3711\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2014-10-27T15:55:24.110\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"namei in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (memory exhaustion) via vectors that trigger a sandboxed process to look up a large number of nonexistent path names.\"},{\"lang\":\"es\",\"value\":\"namei en FreeBSD 9.1 hasta 10.1-RC2 permite a atacantes remotos causar una denegaci\u00f3n de servicio (agotamiento de memoria) a trav\u00e9s de vectores que provocan que un proceso de sandbox busque un n\u00famero grande de nombres de rutas no existentes.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-399\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D78E559A-430D-4D50-8A83-58A37D393471\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:9.1:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD6B2A2E-6E8C-40D7-B29F-1FC9E8B1076B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:9.1:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"0ADB3AF3-5E13-4EC3-AE3C-128DF51E1DF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:9.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"F377F93B-93E0-423C-BED2-35D5A01ED52C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:9.2:prerelease:*:*:*:*:*:*\",\"matchCriteriaId\":\"213ECCF5-4FE2-4FE8-B84E-A1C9AA98F1F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:9.2:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C52A912B-E7C6-484A-8E15-8208C97B8CB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:9.2:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4B097BE-2CA1-4236-AB8F-1151FCC845A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:9.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57052F01-8695-4C63-A947-7671375B9312\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:9.3:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A64DC63D-2C25-4628-B7A5-0A04F0605337\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:9.3:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFCCA127-41FA-41EC-A457-B794C85FD4E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA79CE41-D873-4A4A-A20C-83EB8772E5FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:10.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"62E1B1F3-27AB-4ED2-8252-3AEA0959B557\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:10.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"6140E28B-6F37-4BE9-93AB-E7FC06BD97A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6D63B21-9D2E-4B15-9E60-6181D44B1F55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:10.1:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3BDEF786-0D79-4B1E-BBB8-0FC5B258F03C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:10.1:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"93A7E512-EB2B-46CC-BB53-82B6C7166D53\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/62218\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.debian.org/security/2014/dsa-3070\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securitytracker.com/id/1031100\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://www.freebsd.org/security/advisories/FreeBSD-SA-14:22.namei.asc\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://secunia.com/advisories/62218\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2014/dsa-3070\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1031100\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.freebsd.org/security/advisories/FreeBSD-SA-14:22.namei.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}"
  }
}

fkie_cve-2014-3711

Vulnerability from fkie_nvd

Published

2014-10-27 15:55

Modified

2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://secunia.com/advisories/62218
secalert@redhat.com	http://www.debian.org/security/2014/dsa-3070
secalert@redhat.com	http://www.securitytracker.com/id/1031100
secalert@redhat.com	https://www.freebsd.org/security/advisories/FreeBSD-SA-14:22.namei.asc	Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/62218
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2014/dsa-3070
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1031100
af854a3a-2127-422b-91ae-364da2661108	https://www.freebsd.org/security/advisories/FreeBSD-SA-14:22.namei.asc	Patch

Impacted products

Vendor	Product	Version
freebsd	freebsd	9.1
freebsd	freebsd	9.1
freebsd	freebsd	9.1
freebsd	freebsd	9.2
freebsd	freebsd	9.2
freebsd	freebsd	9.2
freebsd	freebsd	9.2
freebsd	freebsd	9.3
freebsd	freebsd	9.3
freebsd	freebsd	9.3
freebsd	freebsd	10.0
freebsd	freebsd	10.0
freebsd	freebsd	10.0
freebsd	freebsd	10.1
freebsd	freebsd	10.1
freebsd	freebsd	10.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D78E559A-430D-4D50-8A83-58A37D393471",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:9.1:p4:*:*:*:*:*:*",
              "matchCriteriaId": "DD6B2A2E-6E8C-40D7-B29F-1FC9E8B1076B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:9.1:p5:*:*:*:*:*:*",
              "matchCriteriaId": "0ADB3AF3-5E13-4EC3-AE3C-128DF51E1DF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:9.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "F377F93B-93E0-423C-BED2-35D5A01ED52C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:9.2:prerelease:*:*:*:*:*:*",
              "matchCriteriaId": "213ECCF5-4FE2-4FE8-B84E-A1C9AA98F1F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:9.2:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C52A912B-E7C6-484A-8E15-8208C97B8CB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:9.2:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "D4B097BE-2CA1-4236-AB8F-1151FCC845A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "57052F01-8695-4C63-A947-7671375B9312",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:9.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A64DC63D-2C25-4628-B7A5-0A04F0605337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:9.3:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "EFCCA127-41FA-41EC-A457-B794C85FD4E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA79CE41-D873-4A4A-A20C-83EB8772E5FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "62E1B1F3-27AB-4ED2-8252-3AEA0959B557",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:10.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "6140E28B-6F37-4BE9-93AB-E7FC06BD97A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6D63B21-9D2E-4B15-9E60-6181D44B1F55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:10.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3BDEF786-0D79-4B1E-BBB8-0FC5B258F03C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:10.1:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "93A7E512-EB2B-46CC-BB53-82B6C7166D53",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "namei in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (memory exhaustion) via vectors that trigger a sandboxed process to look up a large number of nonexistent path names."
    },
    {
      "lang": "es",
      "value": "namei en FreeBSD 9.1 hasta 10.1-RC2 permite a atacantes remotos causar una denegaci\u00f3n de servicio (agotamiento de memoria) a trav\u00e9s de vectores que provocan que un proceso de sandbox busque un n\u00famero grande de nombres de rutas no existentes."
    }
  ],
  "id": "CVE-2014-3711",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-10-27T15:55:24.110",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/62218"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2014/dsa-3070"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id/1031100"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:22.namei.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62218"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2014/dsa-3070"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1031100"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:22.namei.asc"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2014-3711

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2014-3711

Aliases

CVE-2014-3711

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-3711",
    "description": "namei in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (memory exhaustion) via vectors that trigger a sandboxed process to look up a large number of nonexistent path names.",
    "id": "GSD-2014-3711",
    "references": [
      "https://www.debian.org/security/2014/dsa-3070"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-3711"
      ],
      "details": "namei in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (memory exhaustion) via vectors that trigger a sandboxed process to look up a large number of nonexistent path names.",
      "id": "GSD-2014-3711",
      "modified": "2023-12-13T01:22:53.192587Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2014-3711",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "namei in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (memory exhaustion) via vectors that trigger a sandboxed process to look up a large number of nonexistent path names."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "DSA-3070",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2014/dsa-3070"
          },
          {
            "name": "62218",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/62218"
          },
          {
            "name": "FreeBSD-SA-14:22",
            "refsource": "FREEBSD",
            "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:22.namei.asc"
          },
          {
            "name": "1031100",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1031100"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:9.2:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:9.2:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:10.1:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:10.1:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:9.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:9.3:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:9.2:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:9.2:prerelease:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:10.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:10.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:10.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:9.1:p4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:9.1:p5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:9.3:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:freebsd:freebsd:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-3711"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "namei in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (memory exhaustion) via vectors that trigger a sandboxed process to look up a large number of nonexistent path names."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-399"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1031100",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1031100"
            },
            {
              "name": "FreeBSD-SA-14:22",
              "refsource": "FREEBSD",
              "tags": [
                "Patch"
              ],
              "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:22.namei.asc"
            },
            {
              "name": "DSA-3070",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2014/dsa-3070"
            },
            {
              "name": "62218",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/62218"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2019-03-18T15:35Z",
      "publishedDate": "2014-10-27T15:55Z"
    }
  }
}

ghsa-gjgw-x7x9-348x

Vulnerability from github

Published

2022-05-14 01:19

Modified

2022-05-14 01:19

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-3711"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-10-27T15:55:00Z",
    "severity": "MODERATE"
  },
  "details": "namei in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (memory exhaustion) via vectors that trigger a sandboxed process to look up a large number of nonexistent path names.",
  "id": "GHSA-gjgw-x7x9-348x",
  "modified": "2022-05-14T01:19:58Z",
  "published": "2022-05-14T01:19:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3711"
    },
    {
      "type": "WEB",
      "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:22.namei.asc"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/62218"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2014/dsa-3070"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1031100"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2014-3711 (GCVE-0-2014-3711)

Vulnerability from cvelistv5

fkie_cve-2014-3711

Vulnerability from fkie_nvd

gsd-2014-3711

Vulnerability from gsd

ghsa-gjgw-x7x9-348x

Vulnerability from github

Tags

Sightings

Nomenclature