CVE-2014-3158

{"id": "CVE-2014-3158", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-11-15T21:59:00.117", "references": [{"url": "http://advisories.mageia.org/MGASA-2014-0368.html", "source": "chrome-cve-admin@google.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136932.html", "source": "chrome-cve-admin@google.com"}, {"url": "http://marc.info/?l=linux-ppp&m=140764978420764", "source": "chrome-cve-admin@google.com"}, {"url": "http://www.debian.org/security/2014/dsa-3079", "source": "chrome-cve-admin@google.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:135", "source": "chrome-cve-admin@google.com"}, {"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", "source": "chrome-cve-admin@google.com"}, {"url": "http://www.ubuntu.com/usn/USN-2429-1", "source": "chrome-cve-admin@google.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1128748", "source": "chrome-cve-admin@google.com"}, {"url": "https://github.com/paulusmack/ppp/commit/7658e8257183f062dc01f87969c140707c7e52cb", "source": "chrome-cve-admin@google.com"}, {"url": "http://advisories.mageia.org/MGASA-2014-0368.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136932.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://marc.info/?l=linux-ppp&m=140764978420764", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2014/dsa-3079", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:135", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/USN-2429-1", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1128748", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/paulusmack/ppp/commit/7658e8257183f062dc01f87969c140707c7e52cb", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Integer overflow in the getword function in options.c in pppd in Paul's PPP Package (ppp) before 2.4.7 allows attackers to \"access privileged options\" via a long word in an options file, which triggers a heap-based buffer overflow that \"[corrupts] security-relevant variables.\""}, {"lang": "es", "value": "Desbordamiento de enteros en la funci\u00f3n en options.c en pppd en Paul's PPP Package (ppp) anterior a 2.4.7 permite a atacantes el 'Acceso a opciones privilegiadas' a trav\u00e9s de una palabra larga en el archivo de opciones, que provoca un desbordamiento de buffer basado en memoria din\u00e1mica que '(corrompe) las variables relevantes para la seguridad'."}], "lastModified": "2024-11-21T02:07:33.823", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:point-to-point_protocol_project:point-to-point_protocol:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B82DE957-F0F3-4989-82DC-85712A8D8E44", "versionEndIncluding": "2.4.6"}], "operator": "OR"}]}], "sourceIdentifier": "chrome-cve-admin@google.com"}