Search for vulnerabilities
Vulnerability details: VCID-7fqr-68v1-aaab
Vulnerability ID VCID-7fqr-68v1-aaab
Aliases CVE-2014-0239
Summary The internal DNS server in Samba 4.x before 4.0.18 does not check the QR field in the header section of an incoming DNS message before sending a response, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged response packet that triggers a communication loop, a related issue to CVE-1999-0103.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-20 Improper Input Validation
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0239.html
epss 0.08568 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.0937 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.0937 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.0937 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.0937 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.0937 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.0937 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.0937 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.0937 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.0937 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.0937 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.0937 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.0937 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.0937 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.10075 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.10075 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.10075 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.10075 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.10075 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.10075 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.10075 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.10075 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.10075 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.10075 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.10075 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.10075 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.10075 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.10075 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.10075 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.10075 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.10075 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.10075 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.10075 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.10075 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.10075 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.10075 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.10075 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.10075 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.10075 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.10075 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.10075 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.10075 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.10075 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.10075 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.10075 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.10075 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.10075 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.10576 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.10576 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.10576 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.22157 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.22157 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.22157 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.22157 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.22157 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.22157 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.22157 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.22157 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.22157 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.22157 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.22157 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.22157 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.37384 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.37384 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.37384 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.37384 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.37384 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.37384 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.37384 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
epss 0.37384 https://api.first.org/data/v1/epss?cve=CVE-2014-0239
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=1101988
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0239
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2014-0239
generic_textual Medium https://ubuntu.com/security/notices/USN-2257-1
generic_textual Medium http://www.samba.org/samba/security/CVE-2014-0239
Reference id Reference type URL
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0239.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0239.json
https://api.first.org/data/v1/epss?cve=CVE-2014-0239
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0239
http://secunia.com/advisories/59579
http://security.gentoo.org/glsa/glsa-201502-15.xml
https://ubuntu.com/security/notices/USN-2257-1
http://www.samba.org/samba/security/CVE-2014-0239
http://www.securityfocus.com/bid/67691
http://www.securitytracker.com/id/1030309
1101988 https://bugzilla.redhat.com/show_bug.cgi?id=1101988
749845 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749845
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.10:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.11:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.12:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.13:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.14:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.15:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.16:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.17:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.17:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.8:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:4.0.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:4.0.9:*:*:*:*:*:*:*
CVE-2014-0239 https://nvd.nist.gov/vuln/detail/CVE-2014-0239
GLSA-201502-15 https://security.gentoo.org/glsa/201502-15
USN-2257-1 https://usn.ubuntu.com/2257-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2014-0239
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.8713
EPSS Score 0.08568
Published At March 29, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.