Memory Leak in TCP Stack of Sophos UTM Kernel
CVE-2014-2537

Currently unrated

Key Information:

Vendor: Sophos
Status: Unified Threat Management Software; Unified Threat Management
Vendor: CVE Published:; 18 March 2014

Summary

A memory leak vulnerability exists in the TCP stack of the kernel in Sophos UTM prior to version 9.109. This flaw can be exploited by remote attackers to cause a denial of service by consuming memory resources, potentially leading to system instability and interruptions in service. The specifics of the attack vectors are not defined, but it is critical for users of affected versions to apply appropriate patches to mitigate this risk.

References

http://www.securitytracker.com/id/1029920

vdb-entryx_refsource_SECTRACK

http://secunia.com/advisories/57344

third-party-advisoryx_refsource_SECUNIA

http://blogs.sophos.com/2014/02/20/utm-up2date-9-109/

x_refsource_CONFIRM

Timeline

Vulnerability published
Mar 18, 2014
Vulnerability Reserved
Mar 18, 2014