CVE-2014-3953
FreeBSD <8.4 p14, <9.1 p17, <9.2 p10, <10.0 p7 - Info Disclosure
Title source: llmDescription
FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 before p7 does not properly initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via a (1) SCTP_SNDRCV, (2) SCTP_EXTRCV, or (3) SCTP_RCVINFO SCTP cmsg or a (4) SCTP_PEER_ADDR_CHANGE, (5) SCTP_REMOTE_ERROR, or (6) SCTP_AUTHENTICATION_EVENT notification.
References (4)
Core 4
Core References
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2014/dsa-3070
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1030539
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/62218
Vendor Advisory vendor-advisory
x_refsource_freebsd
http://www.freebsd.org/security/advisories/FreeBSD-SA-14:17.kmem.asc
Scores
EPSS
0.0007
EPSS Percentile
21.6%
Details
CWE
CWE-119
Status
published
Products (4)
freebsd/freebsd
8.4
freebsd/freebsd
9.1
freebsd/freebsd
9.2
freebsd/freebsd
10.0
Published
Jul 15, 2014
Tracked Since
Feb 18, 2026