CVE-2015-1414
published 2015-02-27CVE-2015-1414: Integer overflow in FreeBSD before 8.4 p24, 9.x before 9.3 p10. 10.0 before p18, and 10.1 before p6 allows remote attackers to cause a denial of service…
PriorityP433high7.8CVSS 2.0
AVNACLAuNCNINAC
EPSS
4.15%
89.6th percentile
Integer overflow in FreeBSD before 8.4 p24, 9.x before 9.3 p10. 10.0 before p18, and 10.1 before p6 allows remote attackers to cause a denial of service (crash) via a crafted IGMP packet, which triggers an incorrect size calculation and allocation of insufficient memory.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
| netgate | pfsense | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-8c3q-6mj5-c66h: Integer overflow in FreeBSD before 8
ghsa_unreviewed·2022-05-14
CVE-2015-1414 [HIGH] GHSA-8c3q-6mj5-c66h: Integer overflow in FreeBSD before 8
Integer overflow in FreeBSD before 8.4 p24, 9.x before 9.3 p10. 10.0 before p18, and 10.1 before p6 allows remote attackers to cause a denial of service (crash) via a crafted IGMP packet, which triggers an incorrect size calculation and allocation of insufficient memory.
BSD
FreeBSD-SA-15:04.igmp: Integer overflow in IGMP protocol
bsd_advisories·2015-02-25·CVSS 7.8
CVE-2015-1414 [HIGH] FreeBSD-SA-15:04.igmp: Integer overflow in IGMP protocol
FreeBSD-SA-15:04.igmp Security Advisory
The FreeBSD Project
Topic: Integer overflow in IGMP protocol
Category: core
Module: igmp
Announced: 2015-02-25; Last revised on 2015-04-07
Credits: Mateusz Kocielski, Logicaltrust,
Marek Kroemeke, and 22733db72ab3ed94b5f8a1ffcde850251fe6f466
Affects: All supported versions of FreeBSD.
Corrected: 2015-04-07 20:20:24 UTC (stable/10, 10.1-STABLE)
2015-04-07 20:21:01 UTC (releng/10.1, 10.1-RELEASE-p9)
2015-04-07 20:20:44 UTC (stable/9, 9.3-STABLE)
2015-04-07 20:21:23 UTC (releng/9.3, 9.3-RELEASE-p13)
2015-04-07 20:20:44 UTC (stable/8, 8.4-STABLE)
2015-04-07 20:21:23 UTC (releng/8.4, 8.4-RELEASE-p27)
CVE Name: CVE-2015-1414
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and
No detection rules found.
No public exploits indexed.
Trendmicro
Patch Gap Vulnerabilities in the VMware ESXi TCP/IP Stack
blogs_trendmicro·2022-07-27
Patch Gap Vulnerabilities in the VMware ESXi TCP/IP Stack
# Looking at Patch Gap Vulnerabilities in the VMware ESXi TCP/IP Stack
Learn about the patch gap vulnerabilities in the VMware ESXi TCP/IP stack.
By: Zero Day Initiative
2022/07/27
Read time: ( words)
Save to Folio
Over the last few years, multiple VMware ESXi remote, unauthenticated code execution vulnerabilities have been publicly disclosed. Some were also found to be exploited in the wild. Since these bugs were found in ESXi’s implementation of the SLP service, VMware provided workarounds to turn off the service. VMware also disabled the service by default starting with ESX 7.0 Update 2c. In this blog post, we explore another remotely reachable attack surface: ESXi’s TCP/IP stack implemented as a VMkernel module. The most interesting outcome of this analysis is that ESXi’s TCP/IP s
Trendmicro
Patch Gap Vulnerabilities in the VMware ESXi TCP/IP Stack
blogs_trendmicro·2022-07-27
Patch Gap Vulnerabilities in the VMware ESXi TCP/IP Stack
## Looking at Patch Gap Vulnerabilities in the VMware ESXi TCP/IP Stack
Learn about the patch gap vulnerabilities in the VMware ESXi TCP/IP stack.
By: Zero Day Initiative 2022/07/27 Read time: ( words)
Save to Folio
Over the last few years, multiple VMware ESXi remote, unauthenticated code execution vulnerabilities have been publicly disclosed. Some were also found to be exploited in the wild. Since these bugs were found in ESXi’s implementation of the SLP service , VMware provided workarounds to turn off the service. VMware also disabled the service by default starting with ESX 7.0 Update 2c . In this blog post, we explore another remotely reachable attack surface: ESXi’s TCP/IP stack implemented as a VMkernel module. The most interesting outcome of this analysis is that ESXi’s TCP/IP
Trendmicro
Patch Gap Vulnerabilities in the VMware ESXi TCP/IP Stack
blogs_trendmicro·2022-07-27
Patch Gap Vulnerabilities in the VMware ESXi TCP/IP Stack
## Looking at Patch Gap Vulnerabilities in the VMware ESXi TCP/IP Stack
Learn about the patch gap vulnerabilities in the VMware ESXi TCP/IP stack.
By: Zero Day Initiative Jul 27, 2022 Read time: ( words)
Save to Folio
Over the last few years, multiple VMware ESXi remote, unauthenticated code execution vulnerabilities have been publicly disclosed. Some were also found to be exploited in the wild. Since these bugs were found in ESXi’s implementation of the SLP service , VMware provided workarounds to turn off the service. VMware also disabled the service by default starting with ESX 7.0 Update 2c . In this blog post, we explore another remotely reachable attack surface: ESXi’s TCP/IP stack implemented as a VMkernel module. The most interesting outcome of this analysis is that ESXi’s TCP/
http://www.debian.org/security/2015/dsa-3175http://www.securityfocus.com/bid/72777http://www.securitytracker.com/id/1031798https://kc.mcafee.com/corporate/index?page=content&id=SB10107https://www.freebsd.org/security/advisories/FreeBSD-SA-15:04.igmp.aschttps://www.pfsense.org/security/advisories/pfSense-SA-15_02.igmp.aschttp://www.debian.org/security/2015/dsa-3175http://www.securityfocus.com/bid/72777http://www.securitytracker.com/id/1031798https://kc.mcafee.com/corporate/index?page=content&id=SB10107https://www.freebsd.org/security/advisories/FreeBSD-SA-15:04.igmp.aschttps://www.pfsense.org/security/advisories/pfSense-SA-15_02.igmp.asc
2015-02-27
Published