Vulnerability Description
Integer overflow in FreeBSD before 8.4 p24, 9.x before 9.3 p10. 10.0 before p18, and 10.1 before p6 allows remote attackers to cause a denial of service (crash) via a crafted IGMP packet, which triggers an incorrect size calculation and allocation of insufficient memory.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netgate | Pfsense | 2.2.1 |
| Debian | Debian Linux | 7.0 |
| Freebsd | Freebsd | 8.4 |
References
- http://www.debian.org/security/2015/dsa-3175Third Party Advisory
- http://www.securityfocus.com/bid/72777Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1031798Third Party AdvisoryVDB Entry
- https://kc.mcafee.com/corporate/index?page=content&id=SB10107
- https://www.freebsd.org/security/advisories/FreeBSD-SA-15:04.igmp.ascVendor Advisory
- https://www.pfsense.org/security/advisories/pfSense-SA-15_02.igmp.ascThird Party Advisory
- http://www.debian.org/security/2015/dsa-3175Third Party Advisory
- http://www.securityfocus.com/bid/72777Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1031798Third Party AdvisoryVDB Entry
- https://kc.mcafee.com/corporate/index?page=content&id=SB10107
- https://www.freebsd.org/security/advisories/FreeBSD-SA-15:04.igmp.ascVendor Advisory
- https://www.pfsense.org/security/advisories/pfSense-SA-15_02.igmp.ascThird Party Advisory
FAQ
What is CVE-2015-1414?
CVE-2015-1414 is a vulnerability with a CVSS score of 7.8 (HIGH). Integer overflow in FreeBSD before 8.4 p24, 9.x before 9.3 p10. 10.0 before p18, and 10.1 before p6 allows remote attackers to cause a denial of service (crash) via a crafted IGMP packet, which trigge...
How severe is CVE-2015-1414?
CVE-2015-1414 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-1414?
Check the references section above for vendor advisories and patch information. Affected products include: Netgate Pfsense, Debian Debian Linux, Freebsd Freebsd.