Back to search
CVE-2014-3953
Published: Jul 15, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 before p7 does not properly initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via a (1) SCTP_SNDRCV, (2) SCTP_EXTRCV, or (3) SCTP_RCVINFO SCTP cmsg or a (4) SCTP_PEER_ADDR_CHANGE, (5) SCTP_REMOTE_ERROR, or (6) SCTP_AUTHENTICATION_EVENT notification.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
DSA-3070
vendor-advisory
x_refsource_DEBIAN
1030539
vdb-entry
x_refsource_SECTRACK
62218
third-party-advisory
x_refsource_SECUNIA
FreeBSD-SA-14:17
vendor-advisory
x_refsource_FREEBSD
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now