CVE-2014-3711 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2014-3711

CWE

https://cwe.mitre.org/data/definitions/399.html

namei in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (memory exhaustion) via vectors that trigger a sandboxed process to look up a large number of nonexistent path names.

Affected Software

Name	Vendor	Start Version	End Version
Freebsd	Freebsd	10.0	10.0
Freebsd	Freebsd	9.3	9.3
Freebsd	Freebsd	10.1	10.1
Freebsd	Freebsd	10.0	10.0
Freebsd	Freebsd	9.1	9.1
Freebsd	Freebsd	9.2	9.2
Freebsd	Freebsd	9.3	9.3
Freebsd	Freebsd	9.2	9.2
Freebsd	Freebsd	9.3	9.3
Freebsd	Freebsd	10.1	10.1
Freebsd	Freebsd	9.2	9.2
Freebsd	Freebsd	9.2	9.2
Freebsd	Freebsd	10.1	10.1
Freebsd	Freebsd	10.0	10.0
Freebsd	Freebsd	9.1	9.1
Freebsd	Freebsd	9.1	9.1

References

http://www.securitytracker.com/id/1031100
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:22.namei.asc
http://www.debian.org/security/2014/dsa-3070
http://secunia.com/advisories/62218