Vulnerability Details : CVE-2014-8324
network.c in Aircrack-ng before 1.2 Beta 3 allows remote attackers to cause a denial of service (segmentation fault) via a response with a crafted length parameter.
Vulnerability category: Memory CorruptionInput validationDenial of service
Products affected by CVE-2014-8324
- cpe:2.3:a:aircrack-ng:aircrack-ng:*:beta2:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-8324
1.62%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 88 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-8324
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2014-8324
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-8324
-
https://bugzilla.redhat.com/show_bug.cgi?id=1159812
1159812 – (CVE-2014-8321, CVE-2014-8322, CVE-2014-8323, CVE-2014-8324) CVE-2014-8321 CVE-2014-8322 CVE-2014-8323 CVE-2014-8324 aircrack-ng: multiple vulnerabilitiesIssue Tracking;Patch;Third Party Advisory
-
http://aircrack-ng.blogspot.com/2014/10/aircrack-ng-12-release-candidate-1.html
Aircrack-ng: Aircrack-ng 1.2 Release candidate 1Issue Tracking;Vendor Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2014-November/143595.html
[SECURITY] Fedora 20 Update: aircrack-ng-1.2-0.3.rc1.fc20Third Party Advisory
-
http://www.securityfocus.com/archive/1/533869/100/0/threaded
SecurityFocus
-
http://security.gentoo.org/glsa/glsa-201411-08.xml
Aircrack-ng: User-assisted execution of arbitrary code (GLSA 201411-08) — Gentoo securityThird Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2014-November/143216.html
[SECURITY] Fedora 21 Update: aircrack-ng-1.2-0.5rc1.fc21Third Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2014-November/143606.html
[SECURITY] Fedora 19 Update: aircrack-ng-1.2-0.3.rc1.fc19Third Party Advisory
-
https://github.com/aircrack-ng/aircrack-ng/commit/88702a3ce4c28a973bf69023cd0312f412f6193e
OSdep: Fixed segmentation fault that happens with a malicious server … · aircrack-ng/aircrack-ng@88702a3 · GitHubPatch;Third Party Advisory
-
http://packetstormsecurity.com/files/128943/Aircrack-ng-1.2-Beta-3-DoS-Code-Execution.html
Aircrack-ng 1.2 Beta 3 DoS / Code Execution ≈ Packet StormPatch;Third Party Advisory;VDB Entry
Jump to