PT-2019-13705 · Nfdump+1 · Nfdump+1

Juan Manuel Fernandez

Publicado

2019-07-31

Atualizado

2023-03-03

CVE-2019-14459

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions nfdump versions 1.6.17 and earlier

Description The issue is related to an integer overflow in the Process ipfix template withdraw function in ipfix.c, which can be exploited to crash the process remotely, resulting in a denial of service.

Recommendations For nfdump versions 1.6.17 and earlier, as a temporary workaround, consider disabling the Process ipfix template withdraw function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Integer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-190

Identificadores relacionados

ALT-PU-2019-2599

ALT-PU-2019-2614

CVE-2019-14459

DLA-2383-1

Produtos afetados

Alt Linux

Nfdump

PT-2019-13705 · Nfdump+1 · Nfdump+1

CVE-2019-14459

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 17