CVE-2014-3955 : routed in FreeBSD 8.4 through 10.1-RC2 allows remote attackers to cause a denial

routed in FreeBSD 8.4 through 10.1-RC2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an RIP request from a source not on a directly connected network.

Published 2014-10-27 15:55:25

Updated 2025-04-12 10:46:41

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2014-3955

Freebsd » Freebsd » Version: 9.0 Update Beta1
cpe:2.3:o:freebsd:freebsd:9.0:beta1:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 9.0 Update Beta2
cpe:2.3:o:freebsd:freebsd:9.0:beta2:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 9.0 Update Beta3
cpe:2.3:o:freebsd:freebsd:9.0:beta3:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 10.0
cpe:2.3:o:freebsd:freebsd:10.0:*:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 9.3
cpe:2.3:o:freebsd:freebsd:9.3:*:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 9.0
cpe:2.3:o:freebsd:freebsd:9.0:*:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 9.1
cpe:2.3:o:freebsd:freebsd:9.1:*:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 9.1 Update P4
cpe:2.3:o:freebsd:freebsd:9.1:p4:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 9.1 Update P5
cpe:2.3:o:freebsd:freebsd:9.1:p5:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 9.2 Update Prerelease
cpe:2.3:o:freebsd:freebsd:9.2:prerelease:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 8.4
cpe:2.3:o:freebsd:freebsd:8.4:*:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 9.2 Update RC2
cpe:2.3:o:freebsd:freebsd:9.2:rc2:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 9.2 Update RC1
cpe:2.3:o:freebsd:freebsd:9.2:rc1:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 10.1
cpe:2.3:o:freebsd:freebsd:10.1:*:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 9.2
cpe:2.3:o:freebsd:freebsd:9.2:-:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 10.1 Update RC1
cpe:2.3:o:freebsd:freebsd:10.1:rc1:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 10.1 Update RC2
cpe:2.3:o:freebsd:freebsd:10.1:rc2:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 9.3 Update RC1
cpe:2.3:o:freebsd:freebsd:9.3:rc1:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 10.0 Update RC1
cpe:2.3:o:freebsd:freebsd:10.0:rc1:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 10.0 Update RC2
cpe:2.3:o:freebsd:freebsd:10.0:rc2:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 9.3 Update RC2
cpe:2.3:o:freebsd:freebsd:9.3:rc2:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2014-3955

EPSS FAQ

0.54%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 65 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-3955

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

CWE ids for CVE-2014-3955

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-3955

http://secunia.com/advisories/61865

Sign in
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:21.routed.asc

Patch
http://www.securitytracker.com/id/1031099

FreeBSD routed(8) Processing Flaw Lets Remote Users Deny Service - SecurityTracker

Jump to

Vulnerability Details : CVE-2014-3955

Products affected by CVE-2014-3955

Exploit prediction scoring system (EPSS) score for CVE-2014-3955

CVSS scores for CVE-2014-3955

CWE ids for CVE-2014-3955

References for CVE-2014-3955