CVE-2014-8475 — Freebsd vulnerability

CWE-174 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

1.3%

top 20.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Freebsd Debian Openssh

Timeline

PublishedNov 18

Latest updateMay 17

Description

FreeBSD 9.1, 9.2, and 10.0, when compiling OpenSSH with Kerberos support, uses incorrect library ordering when linking sshd, which causes symbols to be resolved incorrectly and allows remote attackers to cause a denial of service (sshd deadlock and prevention of new connections) by ending multiple connections before authentication is completed.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶debiandebian/openssh

Also affects: Freebsd 10.0, 9.1, 9.2

🔴Vulnerability Details

GHSA

GHSA-xc4v-2r8x-72gh: FreeBSD 9↗2022-05-17

▶

📋Vendor Advisories

BSD

FreeBSD-SA-14:24.sshd: Denial of service attack against sshd(8)↗2014-11-04

▶

Debian

CVE-2014-8475: openssh - FreeBSD 9.1, 9.2, and 10.0, when compiling OpenSSH with Kerberos support, uses i...↗2014

▶