[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248392

 
 

909

 
 

195452

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2014-8322Date: (C)2020-02-03   (M)2023-12-22


Stack-based buffer overflow in the tcp_test function in aireplay-ng.c in Aircrack-ng before 1.2 RC 1 allows remote attackers to execute arbitrary code via a crafted length parameter value.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 9.8CVSS Score : 7.5
Exploit Score: 3.9Exploit Score: 10.0
Impact Score: 5.9Impact Score: 6.4
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: NONEAuthentication: NONE
User Interaction: NONEConfidentiality: PARTIAL
Scope: UNCHANGEDIntegrity: PARTIAL
Confidentiality: HIGHAvailability: PARTIAL
Integrity: HIGH 
Availability: HIGH 
  
Reference:
http://aircrack-ng.blogspot.com/2014/10/aircrack-ng-12-release-candidate-1.html
http://packetstormsecurity.com/files/128943/Aircrack-ng-1.2-Beta-3-DoS-Code-Execution.html
http://www.exploit-db.com/exploits/35018
https://exchange.xforce.ibmcloud.com/vulnerabilities/98459
https://github.com/aircrack-ng/aircrack-ng/commit/091b153f294b9b695b0b2831e65936438b550d7b
https://github.com/aircrack-ng/aircrack-ng/pull/14

CPE    4
cpe:/a:aircrack-ng:aircrack-ng
cpe:/a:aircrack-ng:aircrack-ng:1.2:beta3
cpe:/a:aircrack-ng:aircrack-ng:1.2:beta2
cpe:/a:aircrack-ng:aircrack-ng:1.2:beta1
...
CWE    1
CWE-787
OVAL    2
oval:org.secpod.oval:def:107920
oval:org.secpod.oval:def:107906

© SecPod Technologies