Home > Vulnerability Database > CVE-2014-8242

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2014-8242

Date: October 26, 2015

librsync before 1.0.0 uses a truncated MD4 checksum to match blocks, which makes it easier for remote attackers to modify transmitted data via a birthday attack.

Severity Score

4.8

Related Resources (14)

Url: http://www.openwall.com/lists/oss-security/2014/08/05/5

Url: https://nvd.nist.gov/vuln/detail/CVE-2014-8242

Url: http://www.openwall.com/lists/oss-security/2014/10/13/2

Url: http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152355.html

Url: https://github.com/librsync/librsync/issues/5

Url: https://github.com/librsync/librsync/releases/tag/v1.0.0

Url: http://www.openwall.com/lists/oss-security/2014/07/28/1

Url: http://lists.opensuse.org/opensuse-updates/2015-10/msg00034.html

Url: https://security.gentoo.org/glsa/201605-04

Url: https://www.miknet.net/security/optimizing-birthday-attack/

Url: http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152366.html

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1126712

Url: http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151105.html

Url: https://www.mend.io/vulnerability-database/CVE-2014-8242

Severity Score

4.8

Weakness Type (CWE)

Cryptographic Issues

CWE-310

CVSS v3.1

Base Score:	4.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	5.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Do you need more information?

Contact Us