CVE-2014-4883 — MEDIUM (4.3)

Q: How severe is CVE-2014-4883?

CVE-2014-4883 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-4883?

Check the references section above for vendor advisories and patch information. Affected products include: Lwip Project Lwip.

Vulnerability Description

resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for man-in-the-middle attackers to conduct cache-poisoning attacks via spoofed reply packets.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Lwip Project	Lwip	<= 1.4.1

Related Weaknesses (CWE)

CWE-345

References

http://git.savannah.gnu.org/cgit/lwip.git/commit/?id=9fb46e120655ac481b2af8f865dPatch
http://www.kb.cert.org/vuls/id/210620US Government Resource
http://git.savannah.gnu.org/cgit/lwip.git/commit/?id=9fb46e120655ac481b2af8f865dPatch
http://www.kb.cert.org/vuls/id/210620US Government Resource

FAQ

What is CVE-2014-4883?

CVE-2014-4883 is a vulnerability with a CVSS score of 4.3 (MEDIUM). resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for ...

How severe is CVE-2014-4883?

CVE-2014-4883 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-4883?

Check the references section above for vendor advisories and patch information. Affected products include: Lwip Project Lwip.