fkie_nvd - fkie_cve-2014-3711

fkie_cve-2014-3711

Vulnerability from fkie_nvd

Published

2014-10-27 15:55

Modified

2025-04-12 10:46

Severity ?

Summary

namei in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (memory exhaustion) via vectors that trigger a sandboxed process to look up a large number of nonexistent path names.

References

URL	Tags
secalert@redhat.com	http://secunia.com/advisories/62218
secalert@redhat.com	http://www.debian.org/security/2014/dsa-3070
secalert@redhat.com	http://www.securitytracker.com/id/1031100
secalert@redhat.com	https://www.freebsd.org/security/advisories/FreeBSD-SA-14:22.namei.asc	Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/62218
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2014/dsa-3070
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1031100
af854a3a-2127-422b-91ae-364da2661108	https://www.freebsd.org/security/advisories/FreeBSD-SA-14:22.namei.asc	Patch

Impacted products

Vendor	Product	Version
freebsd	freebsd	9.1
freebsd	freebsd	9.1
freebsd	freebsd	9.1
freebsd	freebsd	9.2
freebsd	freebsd	9.2
freebsd	freebsd	9.2
freebsd	freebsd	9.2
freebsd	freebsd	9.3
freebsd	freebsd	9.3
freebsd	freebsd	9.3
freebsd	freebsd	10.0
freebsd	freebsd	10.0
freebsd	freebsd	10.0
freebsd	freebsd	10.1
freebsd	freebsd	10.1
freebsd	freebsd	10.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D78E559A-430D-4D50-8A83-58A37D393471",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:9.1:p4:*:*:*:*:*:*",
              "matchCriteriaId": "DD6B2A2E-6E8C-40D7-B29F-1FC9E8B1076B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:9.1:p5:*:*:*:*:*:*",
              "matchCriteriaId": "0ADB3AF3-5E13-4EC3-AE3C-128DF51E1DF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:9.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "F377F93B-93E0-423C-BED2-35D5A01ED52C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:9.2:prerelease:*:*:*:*:*:*",
              "matchCriteriaId": "213ECCF5-4FE2-4FE8-B84E-A1C9AA98F1F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:9.2:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C52A912B-E7C6-484A-8E15-8208C97B8CB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:9.2:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "D4B097BE-2CA1-4236-AB8F-1151FCC845A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "57052F01-8695-4C63-A947-7671375B9312",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:9.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A64DC63D-2C25-4628-B7A5-0A04F0605337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:9.3:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "EFCCA127-41FA-41EC-A457-B794C85FD4E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA79CE41-D873-4A4A-A20C-83EB8772E5FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "62E1B1F3-27AB-4ED2-8252-3AEA0959B557",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:10.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "6140E28B-6F37-4BE9-93AB-E7FC06BD97A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6D63B21-9D2E-4B15-9E60-6181D44B1F55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:10.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3BDEF786-0D79-4B1E-BBB8-0FC5B258F03C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:10.1:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "93A7E512-EB2B-46CC-BB53-82B6C7166D53",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "namei in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (memory exhaustion) via vectors that trigger a sandboxed process to look up a large number of nonexistent path names."
    },
    {
      "lang": "es",
      "value": "namei en FreeBSD 9.1 hasta 10.1-RC2 permite a atacantes remotos causar una denegaci\u00f3n de servicio (agotamiento de memoria) a trav\u00e9s de vectores que provocan que un proceso de sandbox busque un n\u00famero grande de nombres de rutas no existentes."
    }
  ],
  "id": "CVE-2014-3711",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-10-27T15:55:24.110",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/62218"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2014/dsa-3070"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id/1031100"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:22.namei.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62218"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2014/dsa-3070"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1031100"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:22.namei.asc"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2014-3711 (GCVE-0-2014-3711)

Vulnerability from cvelistv5

Published

2014-10-27 15:00