CVE-2014-3953: Buffer Overflow
First published: Tue Jul 15 2014(Updated: )
FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 before p7 does not properly initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via a (1) SCTP_SNDRCV, (2) SCTP_EXTRCV, or (3) SCTP_RCVINFO SCTP cmsg or a (4) SCTP_PEER_ADDR_CHANGE, (5) SCTP_REMOTE_ERROR, or (6) SCTP_AUTHENTICATION_EVENT notification.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| FreeBSD FreeBSD | =8.4 | |
| FreeBSD FreeBSD | =9.1 | |
| FreeBSD FreeBSD | =9.2 | |
| FreeBSD FreeBSD | =10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/weakness
- agent/author
- agent/severity
- agent/references
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/freebsd
- canonical/freebsd freebsd
- version/freebsd freebsd/8.4
- version/freebsd freebsd/9.1
- version/freebsd freebsd/9.2
- version/freebsd freebsd/10.0