CVE-2014-7250

Published Dec 12, 2014

Last updated 10 years ago

CVSS info 5.0

Overview

Description: The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly 2.0, and OpenBSD possibly 3.6, does not properly implement the session timer, which allows remote attackers to cause a denial of service (resource consumption) via crafted packets.
Source: vultures@jpcert.or.jp
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-399

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:bsd:bsd:4.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "388BB5C2-53B3-4597-913C-7D86E585CCD5"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:5.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD85B1ED-1473-4C22-9E1E-53F07CF517E9"
          },
          {
            "criteria": "cpe:2.3:o:netbsd:netbsd:2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3C3F588-98DA-4F6F-A083-2B9EE534C561"
          },
          {
            "criteria": "cpe:2.3:o:openbsd:openbsd:3.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D4D84D7A-EB7C-4196-B8B6-7B703C8055C2"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References