1. Home
  2. Vulnerabilities
  3. CVE-2014-2523

CVE-2014-2523

CVSS v2.0 10 (High)
100% Progress
EPSS 7.47 % (94th)
7.47% Progress
Affected Products 2
Advisories 61
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.

Weaknesses
CWE-20
Improper Input Validation
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2014-03-24 16:40:48
(10 years ago)
Updated Date
2023-11-07 02:19:34
(10 months ago)

Affected Products

Canonical

Linux

Configuration #1

    CPE23 From Up To
  Linux Kernel prior 3.2.57 version cpe:2.3:o:linux:linux_kernel < 3.2.57
  Linux Kernel from 3.3 version and prior 3.4.86 version cpe:2.3:o:linux:linux_kernel >= 3.3 < 3.4.86
  Linux Kernel from 3.5 version and prior 3.10.36 version cpe:2.3:o:linux:linux_kernel >= 3.5 < 3.10.36
  Linux Kernel from 3.11 version and prior 3.12.17 version cpe:2.3:o:linux:linux_kernel >= 3.11 < 3.12.17
  Linux Kernel from 3.13.0 version and prior 3.13.9 version cpe:2.3:o:linux:linux_kernel >= 3.13.0 < 3.13.9

Configuration #2

    CPE23 From Up To
  Canonical Ubuntu Linux 10.04 cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-