Vulnerability Details : CVE-2014-1692
The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attackers to cause a denial of service (memory corruption) or have unspecified other impact via vectors that trigger an error condition.
Vulnerability category: OverflowMemory CorruptionDenial of service
Threat overview for CVE-2014-1692
Top countries where our scanners detected CVE-2014-1692
Top open port discovered on systems with this issue
22
IPs affected by CVE-2014-1692 322,464
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2014-1692!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2014-1692
Probability of exploitation activity in the next 30 days: 4.27%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 91 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-1692
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2014-1692
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-1692
-
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/Attic/schnorr.c.diff?r1=1.9%3Br2=1.10%3Bf=h
410 Gone
-
http://www.securityfocus.com/bid/65230
OpenSSH 'schnorr.c' Remote Memory Corruption VulnerabilityThird Party Advisory;VDB Entry
-
http://www-01.ibm.com/support/docview.wss?uid=isg3T1020637
IBM notice: The page you requested cannot be displayedThird Party Advisory
-
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/schnorr.c#rev1.10
CVS log for src/usr.bin/ssh/Attic/schnorr.cVendor Advisory
-
http://openwall.com/lists/oss-security/2014/01/29/10
oss-security - Re: OpenSSH J-PAKE vulnerability (no cause for panic! remain calm!)Mailing List;Third Party Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/90819
OpenSSH schnorr.c code execution CVE-2014-1692 Vulnerability ReportThird Party Advisory;VDB Entry
-
http://marc.info/?l=bugtraq&m=141576985122836&w=2
'[security bulletin] HPSBUX03188 SSRT101487 rev.1 - HP-UX running HP Secure Shell, Remote Denial of S' - MARCThird Party Advisory
-
http://marc.info/?l=bugtraq&m=144050155601375&w=2
'[security bulletin] HPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities' - MARCThird Party Advisory
-
http://secunia.com/advisories/60184
Sign inThird Party Advisory
-
http://openwall.com/lists/oss-security/2014/01/29/2
oss-security - OpenSSH J-PAKE vulnerability (no cause for panic! remain calm!)Mailing List;Third Party Advisory
Products affected by CVE-2014-1692
- cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*