Denial of Service Vulnerability in FreeBSD's Iconv Module
CVE-2014-3951

Currently unrated

Key Information:

Vendor: FreeBSD
Status: FreeBSD; Netbsd
Vendor: CVE Published:; 21 August 2014

What is CVE-2014-3951?

The HZ module in the iconv implementation within FreeBSD 10.0 versions before p6 and NetBSD is vulnerable to a denial of service attack. Attackers may exploit this vulnerability by crafting specific arguments to the iconv_open function, potentially leading to a NULL pointer dereference and impacting system stability. This issue prompts administrators to review and mitigate risks associated with the use of these affected versions.

References

http://www.freebsd.org/security/advisories/FreeBSD-SA-14:...

vendor-advisoryx_refsource_FREEBSD

http://www.securitytracker.com/id/1030458

vdb-entryx_refsource_SECTRACK

http://mail-index.netbsd.org/source-changes/2014/06/24/ms...

mailing-listx_refsource_MLIST

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 21, 2014
Vulnerability Reserved
Jun 3, 2014