1. Home
  2. Vulnerabilities
  3. CVE-2014-2851

CVE-2014-2851

CVSS v2.0 6.9 (Medium)
69% Progress
EPSS 0.06 % (28th)
0.06% Progress
Affected Products 2
Advisories 56
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter.

Weaknesses
CWE-416
Use After Free
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2014-04-14 23:55:07
(10 years ago)
Updated Date
2023-12-15 15:57:53
(9 months ago)

Affected Products

Debian

Linux

Configuration #1

    CPE23 From Up To
  Linux Kernel from 3.0 version and prior 3.2.60 version cpe:2.3:o:linux:linux_kernel >= 3.0 < 3.2.60
  Linux Kernel from 3.3 version and prior 3.4.92 version cpe:2.3:o:linux:linux_kernel >= 3.3 < 3.4.92
  Linux Kernel from 3.5 version and prior 3.10.41 version cpe:2.3:o:linux:linux_kernel >= 3.5 < 3.10.41
  Linux Kernel from 3.11 version and prior 3.12.19 version cpe:2.3:o:linux:linux_kernel >= 3.11 < 3.12.19
  Linux Kernel from 3.13 version and prior 3.14.5 version cpe:2.3:o:linux:linux_kernel >= 3.13 < 3.14.5
  Linux Kernel 3.0 Rc1 cpe:2.3:o:linux:linux_kernel:3.0:rc1

Configuration #2

    CPE23 From Up To
  Debian Linux 7.0 cpe:2.3:o:debian:debian_linux:7.0