Lucene search

[email protected]CVE-2014-3951

HistoryAug 21, 2014 - 10:55 p.m.

CVE-2014-3951

2014-08-2122:55:03

[email protected]

web.nvd.nist.gov

cve-2014-3951

hz module

iconv implementation

freebsd

netbsd

null pointer dereference

denial of service

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.3 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.0%

JSON

The HZ module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted argument to the iconv_open function. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2014-5384 is used for the NULL pointer dereference.

Affected configurations

NVD

Node

freebsdfreebsdMatch10.0

netbsdnetbsd

CPENameOperatorVersion
freebsd:freebsdfreebsdeq10.0
netbsd:netbsdnetbsdeq*

CPE	Name	Operator	Version
freebsd:freebsd	freebsd	eq	10.0
netbsd:netbsd	netbsd	eq	*

References

mail-index.netbsd.org/source-changes/2014/06/24/msg055822.html

www.freebsd.org/security/advisories/FreeBSD-SA-14:15.iconv.asc

www.securitytracker.com/id/1030458

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.3 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.0%

JSON

Related for CVE-2014-3951

cvelist2 prion2 nvd2 cve1 freebsd1 nessus1 securityvulns2 freebsd_advisory1