CVE-2014-2309: Improper Restriction of Operations within the Bounds of a Memory Buffer in Kernel

Severity
6.1 MEDIUM (NVD)
EPSS
0.9%
top 24.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Mar 11
Latest update: May 13

Description

The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets.

CVSS vector

AV:A/AC:L/C:N/I:N/A:C
Exploitability: 6.5 | Impact: 6.9

Affected Packages: 4 packages

Patches

🔴 Vulnerability Details (3)

GHSA: GHSA-fp4w-gxwf-rr44: The ip6_route_add function in net/ipv6/route (2022-05-13)
CVEList: CVE-2014-2309: The ip6_route_add function in net/ipv6/route (2014-03-11)
OSV: CVE-2014-2309: The ip6_route_add function in net/ipv6/route (2014-03-11)

📋 Vendor Advisories (8)

Ubuntu: Linux kernel (Saucy HWE) vulnerabilities (2014-05-27)
Ubuntu: Linux kernel (OMAP4) vulnerabilities (2014-05-27)
Ubuntu: Linux kernel (Quantal HWE) vulnerabilities (2014-05-27)
Ubuntu: Linux kernel vulnerabilities (2014-05-27)
Ubuntu: Linux kernel (Raring HWE) vulnerabilities (2014-05-27)

💬 Community (2)

Bugzilla: CVE-2014-2309 Kernel: net: IPv6: crash due to router advertisement flooding [fedora-all] (2014-03-11)
Bugzilla: CVE-2014-2309 Kernel: net: IPv6: crash due to router advertisement flooding (2014-03-10)