{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-05-31T00:00:00", "descriptions": [{"lang": "en", "value": "The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service (assertion failure and abort) via an empty UDP packet."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-01-04T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "67814", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/67814"}, {"name": "MDVSA-2015:134", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:134"}, {"name": "[oss-security] 20140604 CVE request: PulseAudio crash due to empty UDP packet", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://seclists.org/oss-sec/2014/q2/429"}, {"name": "[pulseaudio-discuss] 20140531 Remotely triggerable crash in module-rtp-recv", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.freedesktop.org/archives/pulseaudio-discuss/2014-May/020740.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://advisories.mageia.org/MGASA-2014-0440.html"}, {"name": "60624", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/60624"}, {"name": "[oss-security] 20140604 Re: CVE request: PulseAudio crash due to empty UDP packet", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://seclists.org/oss-sec/2014/q2/437"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-3970", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service (assertion failure and abort) via an empty UDP packet."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "67814", "refsource": "BID", "url": "http://www.securityfocus.com/bid/67814"}, {"name": "MDVSA-2015:134", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:134"}, {"name": "[oss-security] 20140604 CVE request: PulseAudio crash due to empty UDP packet", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2014/q2/429"}, {"name": "[pulseaudio-discuss] 20140531 Remotely triggerable crash in module-rtp-recv", "refsource": "MLIST", "url": "http://lists.freedesktop.org/archives/pulseaudio-discuss/2014-May/020740.html"}, {"name": "http://advisories.mageia.org/MGASA-2014-0440.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0440.html"}, {"name": "60624", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60624"}, {"name": "[oss-security] 20140604 Re: CVE request: PulseAudio crash due to empty UDP packet", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2014/q2/437"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:57:18.048Z"}, "title": "CVE Program Container", "references": [{"name": "67814", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/67814"}, {"name": "MDVSA-2015:134", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:134"}, {"name": "[oss-security] 20140604 CVE request: PulseAudio crash due to empty UDP packet", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://seclists.org/oss-sec/2014/q2/429"}, {"name": "[pulseaudio-discuss] 20140531 Remotely triggerable crash in module-rtp-recv", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.freedesktop.org/archives/pulseaudio-discuss/2014-May/020740.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://advisories.mageia.org/MGASA-2014-0440.html"}, {"name": "60624", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/60624"}, {"name": "[oss-security] 20140604 Re: CVE request: PulseAudio crash due to empty UDP packet", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://seclists.org/oss-sec/2014/q2/437"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-3970", "datePublished": "2014-06-11T14:00:00", "dateReserved": "2014-06-04T00:00:00", "dateUpdated": "2024-08-06T10:57:18.048Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pulseaudio:pulseaudio:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BFDEE3D-44CD-43E8-92C8-953EFDB22761", "vulnerable": true}, {"criteria": "cpe:2.3:a:pulseaudio:pulseaudio:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F596B154-DABA-481F-9CB2-799D3AB142B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:pulseaudio:pulseaudio:1.99.1:*:*:*:*:*:*:*", "matchCriteriaId": "733CA32D-2662-4158-8458-B0D6C9DC14BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:pulseaudio:pulseaudio:1.99.2:*:*:*:*:*:*:*", "matchCriteriaId": "EB11D799-A9C3-4F27-A58C-818A130D1DAE", "vulnerable": true}, {"criteria": "cpe:2.3:a:pulseaudio:pulseaudio:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "CA2B12D8-F21A-41F3-91E2-9AE271D2C692", "vulnerable": true}, {"criteria": "cpe:2.3:a:pulseaudio:pulseaudio:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "836FD10A-2A09-458A-B904-DAB5D5D78D52", "vulnerable": true}, {"criteria": "cpe:2.3:a:pulseaudio:pulseaudio:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D664D404-5476-46E7-8EC9-9F4BAD4AB38D", "vulnerable": true}, {"criteria": "cpe:2.3:a:pulseaudio:pulseaudio:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "7C45B6F5-CBFB-417C-8ADE-F9DA5D7F535E", "vulnerable": true}, {"criteria": "cpe:2.3:a:pulseaudio:pulseaudio:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "EB2BA4B8-5EF9-4DDB-B68F-A7941D001E13", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service (assertion failure and abort) via an empty UDP packet."}, {"lang": "es", "value": "La funci\u00f3n pa_rtp_recv en modules/rtp/rtp.c en el m\u00f3dulo module-rtp-recv en PulseAudio 5.0 y anteriores permite a atacantes remotos causar una denegaci\u00f3n de servicio (fallo de aserci\u00f3n y abortar) a trav\u00e9s de un paquete UDP vac\u00edo."}], "id": "CVE-2014-3970", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 5.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-06-11T14:55:09.423", "references": [{"source": "cve@mitre.org", "url": "http://advisories.mageia.org/MGASA-2014-0440.html"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://lists.freedesktop.org/archives/pulseaudio-discuss/2014-May/020740.html"}, {"source": "cve@mitre.org", "url": "http://seclists.org/oss-sec/2014/q2/429"}, {"source": "cve@mitre.org", "url": "http://seclists.org/oss-sec/2014/q2/437"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/60624"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:134"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/67814"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://advisories.mageia.org/MGASA-2014-0440.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://lists.freedesktop.org/archives/pulseaudio-discuss/2014-May/020740.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/oss-sec/2014/q2/429"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/oss-sec/2014/q2/437"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/60624"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:134"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/67814"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "pulseaudio: denial of service in module-rtp-recv", "id": "1104835", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1104835"}, "csaw": false, "cvss": {"cvss_base_score": "1.8", "cvss_scoring_vector": "AV:A/AC:H/Au:N/C:N/I:N/A:P", "status": "draft"}, "details": ["The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service (assertion failure and abort) via an empty UDP packet."], "name": "CVE-2014-3970", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "pulseaudio", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "pulseaudio", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2014-05-31T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-3970\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3970"], "statement": "Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Low"}