CVE-2014-3970

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2014-3970
The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service (assertion failure and abort) via an empty UDP packet.

2.9 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:A/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 5.5 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
http://advisories.mageia.org/MGASA-2014-0440.html
http://lists.freedesktop.org/archives/pulseaudio-discuss/2014-May/020740.html Exploit
http://seclists.org/oss-sec/2014/q2/429
http://seclists.org/oss-sec/2014/q2/437
http://secunia.com/advisories/60624
http://www.mandriva.com/security/advisories?name=MDVSA-2015:134
http://www.securityfocus.com/bid/67814
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:pulseaudio:pulseaudio:1.0:*:*:*:*:*:*:*
cpe:2.3:a:pulseaudio:pulseaudio:1.1:*:*:*:*:*:*:*
cpe:2.3:a:pulseaudio:pulseaudio:1.99.1:*:*:*:*:*:*:*
cpe:2.3:a:pulseaudio:pulseaudio:1.99.2:*:*:*:*:*:*:*
cpe:2.3:a:pulseaudio:pulseaudio:2.0:*:*:*:*:*:*:*
cpe:2.3:a:pulseaudio:pulseaudio:2.1:*:*:*:*:*:*:*
cpe:2.3:a:pulseaudio:pulseaudio:3.0:*:*:*:*:*:*:*
cpe:2.3:a:pulseaudio:pulseaudio:4.0:*:*:*:*:*:*:*
cpe:2.3:a:pulseaudio:pulseaudio:5.0:*:*:*:*:*:*:*
History

No history.

Information

Published : 2014-06-11 14:55

Updated : 2024-02-28 12:20

NVD link : CVE-2014-3970

Mitre link : CVE-2014-3970

CVE.ORG link : CVE-2014-3970

JSON object : View

Products Affected

pulseaudio

  • pulseaudio
CWE
NVD-CWE-noinfo