CVE-2019-14459

HIGH

nfdump <1.6.17 - DoS

Title source: llm

Description

nfdump 1.6.17 and earlier is affected by an integer overflow in the function Process_ipfix_template_withdraw in ipfix.c that can be abused in order to crash the process remotely (denial of service).

Exploits (1)

github WORKING POC 11 stars

by X-C3LL · pythonpoc

https://github.com/X-C3LL/PoC-CVEs/tree/master/CVE-2019-14459

View Code ZIP pw:eip

References (6)

[Patch] https://github.com/phaag/nfdump/commit/3b006ededaf351f1723aea6c727c9edd1b1fff9b

View Patch ZIP pw:eip

[Exploit, Third Party Advisory] https://github.com/phaag/nfdump/issues/171

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2020/09/msg00021.html

[Third Party Advisory] https://security.gentoo.org/glsa/202003-17

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ULSZMKA7P7REJMANVL7D6WMZ2L7IRSET/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTONOGJU5FSMFNRCT6OHXYUMDRKH4RPA/

Scores

CVSS v3 7.5

EPSS 0.0207

EPSS Percentile 84.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-190

Status published

Products (4)

debian/debian_linux 9.0

fedoraproject/fedora 29

fedoraproject/fedora 30

nfdump_project/nfdump < 1.6.17

Published Jul 31, 2019

Tracked Since Feb 18, 2026