CVE-2014-1690

NameCVE-2014-1690
DescriptionThe help function in net/netfilter/nf_nat_irc.c in the Linux kernel before 3.12.8 allows remote attackers to obtain sensitive information from kernel memory by establishing an IRC DCC session in which incorrect packet data is transmitted during use of the NAT mangle feature.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)buster4.19.249-2fixed
buster (security)4.19.260-1fixed
bullseye5.10.140-1fixed
bullseye (security)5.10.149-2fixed
bookworm6.0.8-1fixed
sid6.0.10-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsourcewheezy(not affected)
linuxsource(unstable)3.12.8-1
linux-2.6source(unstable)(not affected)

Notes

[wheezy] - linux <not-affected> (Introduced in 3.7)
- linux-2.6 <not-affected> (Introduced in 3.7)
https://git.kernel.org/linus/2690d97ade05c5325cbf7c72b94b90d265659886

Search for package or bug name: Reporting problems