CVE-2019-14459

HIGH

nfdump < 1.6.17 - Denial of Service via Integer Overflow in Process_ipfix_template_withdraw

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-14459. PoCs published by X-C3LL.

AI-analyzed exploit summary This PoC exploits an integer overflow in nfdump's Process_ipfix_template_withdraw function, causing a denial of service via a crafted UDP packet. The overflow bypasses a size check, leading to an infinite loop and segmentation fault.

Description

nfdump 1.6.17 and earlier is affected by an integer overflow in the function Process_ipfix_template_withdraw in ipfix.c that can be abused in order to crash the process remotely (denial of service).

Exploits (1)

github WORKING POC 11 stars
by X-C3LL · pythonpoc
https://github.com/X-C3LL/PoC-CVEs/tree/master/CVE-2019-14459

This PoC exploits an integer overflow in nfdump's Process_ipfix_template_withdraw function, causing a denial of service via a crafted UDP packet. The overflow bypasses a size check, leading to an infinite loop and segmentation fault.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: nfdump 1.6.17 and below
No auth needed
Prerequisites: network access to target · UDP port reachable
devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (6)

Core 6
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/phaag/nfdump/issues/171
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202003-17
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/09/msg00021.html

Scores

CVSS v3 7.5
EPSS 0.0271
EPSS Percentile 84.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-190
Status published
Products (4)
debian/debian_linux 9.0
fedoraproject/fedora 29
fedoraproject/fedora 30
nfdump_project/nfdump < 1.6.17
Published Jul 31, 2019
Tracked Since Feb 18, 2026