Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2014-1692

EPSS 12.54% · P94
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2014-1692

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attackers to cause a denial of service (memory corruption) or have unspecified other impact via vectors that trigger an error condition.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
OpenSSH‘hash_buffer’函数缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
OpenSSH(OpenBSD Secure Shell)是OpenBSD计划组所维护的一套用于安全访问远程计算机的连接工具。该工具是SSH协议的开源实现,支持对所有的传输进行加密,可有效阻止窃听、连接劫持以及其他网络级的攻击。 OpenSSH 6.4及之前的版本中的schnorr.c文件中的‘hash_buffer’函数中存在缓冲区溢出漏洞,该漏洞源于当Makefile.inc文件被修改使用J-PAKE协议时,程序没有正确初始化某些数据结构。远程攻击者可利用该漏洞造成拒绝服务(内存损坏)或产生其他影响。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2014-1692

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2014-1692

Please Login to view more intelligence information

Same Patch Batch · n/a · 2014-01-29 · 23 CVEs total

CVE-2013-7318AlgoSec Firewall Analyzer 跨站脚本漏洞
CVE-2014-0810JustSystems Sanshiro 安全漏洞
CVE-2013-6931Cybozu Garoon API SQL注入漏洞
CVE-2013-6930Cybozu Garoon page-navigation SQL注入漏洞
CVE-2013-6749IBM Lotus Quickr qp2.cab文件缓冲区溢出漏洞
CVE-2013-6748IBM Lotus Quickr qp2.cab文件缓冲区溢出漏洞
CVE-2013-2974IBM Tivoli Application Dependency Discovery Manager 权限许可和访问控制漏洞
CVE-2014-0682Cisco WebEx Meetings Server 权限许可和访问控制漏洞
CVE-2014-0681Cisco ISE 跨站脚本漏洞
CVE-2014-0680Cisco ISE NAC Web Agent 跨站脚本漏洞
CVE-2014-1683Iconify SkyBlueCanvas‘index.php’格式化字符串漏洞
CVE-2012-6086Zabbix ‘cURL’ API加密问题漏洞
CVE-2013-6141op5 Monitor 安全漏洞
CVE-2013-5092AlgoSec Firewall Analyzer 跨站脚本漏洞
CVE-2013-5005Tripwire Enterprise 跨站脚本漏洞
CVE-2013-4898SocialEngine TimeLine插件权限许可和访问控制漏洞
CVE-2013-4889Spring Signage Xibo 跨站请求伪造漏洞
CVE-2013-4888Spring Signage Xibo ’layout‘参数跨站脚本漏洞
CVE-2013-4887Spring Signage Xibo ‘displayid’参数SQL注入漏洞
CVE-2013-4662CiviCRM SQL注入漏洞

Showing top 20 of 23 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2014-1692

No comments yet

Leave a comment