CVE-2014-3970

EUVD-2014-3903
The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service (assertion failure and abort) via an empty UDP packet.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.9 UNKNOWN
ADJACENT_NETWORK
MEDIUM
AV:A/AC:M/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 64%
Affected Products (NVD)
VendorProductVersion
pulseaudiopulseaudio
1.0
pulseaudiopulseaudio
1.1
pulseaudiopulseaudio
1.99.1
pulseaudiopulseaudio
1.99.2
pulseaudiopulseaudio
2.0
pulseaudiopulseaudio
2.1
pulseaudiopulseaudio
3.0
pulseaudiopulseaudio
4.0
pulseaudiopulseaudio
5.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
pulseaudio
bookworm
16.1+dfsg1-2
fixed
bullseye
14.2-2
fixed
sid
16.1+dfsg1-5.1
fixed
squeeze
no-dsa
trixie
16.1+dfsg1-5.1
fixed
wheezy
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
pulseaudio
artful
ignored
bionic
not-affected
cosmic
not-affected
disco
not-affected
lucid
ignored
precise
ignored
saucy
ignored
trusty
dne
utopic
ignored
vivid
ignored
wily
ignored
xenial
not-affected
yakkety
ignored
zesty
ignored
References
http://advisories.mageia.org/MGASA-2014-0440.html
http://lists.freedesktop.org/archives/pulseaudio-discuss/2014-May/020740.html
http://seclists.org/oss-sec/2014/q2/429
http://seclists.org/oss-sec/2014/q2/437
http://secunia.com/advisories/60624
http://www.mandriva.com/security/advisories?name=MDVSA-2015:134
http://www.securityfocus.com/bid/67814
http://advisories.mageia.org/MGASA-2014-0440.html
http://lists.freedesktop.org/archives/pulseaudio-discuss/2014-May/020740.html
http://seclists.org/oss-sec/2014/q2/429
http://seclists.org/oss-sec/2014/q2/437
http://secunia.com/advisories/60624
http://www.mandriva.com/security/advisories?name=MDVSA-2015:134
http://www.securityfocus.com/bid/67814