CVE-2014-3711

FreeBSD 9.1-10.1-RC2 - Denial of Service via Path Name Lookup

Title source: llm

Description

namei in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (memory exhaustion) via vectors that trigger a sandboxed process to look up a large number of nonexistent path names.

References (4)

Core 4

Core References

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2014/dsa-3070

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/62218

Patch vendor-advisory x_refsource_freebsd

https://www.freebsd.org/security/advisories/FreeBSD-SA-14:22.namei.asc

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1031100

Scores

EPSS 0.0060

EPSS Percentile 69.8%

Details

CWE

CWE-399

Status published

Products (5)

freebsd/freebsd 9.1 (3 CPE variants)

freebsd/freebsd 9.2 (4 CPE variants)

freebsd/freebsd 9.3 (3 CPE variants)

freebsd/freebsd 10.0 (3 CPE variants)

freebsd/freebsd 10.1 (3 CPE variants)

Published Oct 27, 2014

Tracked Since Feb 18, 2026