CVE-2014-2309

Published: Mar 11, 2014Modified: May 6, 2026

6.1

Vector

AV:A/AC:L/Au:N/C:N/I:N/A:C

Exploitability: 6.5 / Impact: 6.9

Source: NVD

Description

The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets.

Affected (4)

Products: Linux: Linux Kernel · Opensuse: Opensuse · Suse: Linux Enterprise Server

1 product

1 product

1 product

Linux Enterprise Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Up to 3.13.6

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 11.4
Suse Linux Enterprise Server	Version 11
Suse Linux Enterprise Server	Version 11 sp2

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (14)

http://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=c88507fbad8055297c1d1e21e599f46960cbee39

Source: cve@mitre.org

ExploitPatchVendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://secunia.com/advisories/57250

Source: cve@mitre.org

Third Party Advisory

http://www.openwall.com/lists/oss-security/2014/03/08/1

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/66095

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1029894

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=c88507fbad8055297c1d1e21e599f46960cbee39

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchVendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://secunia.com/advisories/57250

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.openwall.com/lists/oss-security/2014/03/08/1

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/66095

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1029894

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.