VDB
CVE-2014-4883
CVE-2014-4883
PUBLISHED
resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for man-in-the-middle attackers to conduct cache-poisoning attacks via spoofed reply packets.
EPSS 0.11% · 29.6th percentile
Risk Scores
EPSS Score
0.11%
29.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | lwipv6 | 0, 1.5a-2ubuntu2 |
| Ubuntu:24.04:LTS | lwipv6 | 0, 1.5a-9, 1.5a-9.1build1 |
| Ubuntu:16.04:LTS | lwipv6 | 1.5a-2ubuntu2, 0 |
| Ubuntu:20.04:LTS | lwipv6 | 1.5a-4, 0 |
| Ubuntu:25.10 | lwipv6 | *, 0, 1.5a-10 |
| Ubuntu:22.04:LTS | lwipv6 | 1.5a-9, 0 |
Exploit Intelligence
Timeline
- Nov 28, 2014 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 17, 2022 CVE Updated
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2014-4883 third-party-advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1169008 third-party-advisory
- http://www.kb.cert.org/vuls/id/210620 third-party-advisory
- http://git.savannah.gnu.org/cgit/lwip.git/commit/?id=9fb46e120655ac481b2af8f865d5ae56c39b831a third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2014-4883 third-party-advisory