CVE-2013-1634 - Vulnerability Details - OpenCVE

A denial of service vulnerability exists in some motherboard implementations of Intel e1000e/82574L network controller devices through 2013-02-06 where the device can be brought into a non-processing state when parsing 32 hex, 33 hex, or 34 hex byte values at the 0x47f offset. NOTE: A followup statement from Intel suggests that the root cause of this issue was an incorrectly configured EEPROM image.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Intel	82574l Controller 82574l Controller Firmware

Configuration 1 [-]

AND

cpe:2.3:o:intel:82574l_controller_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:82574l_controller:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://blog.krisk.org/2013/02/packets-of-death.html
http://web.archive.org/web/20131205055429/https://communities.intel.com/community/wired/blog/2013/02/07/intel-82574l-gigabit-ethernet-controller-statement
http://www.openwall.com/lists/oss-security/2013/02/12/3
http://www.openwall.com/lists/oss-security/2013/02/12/4
http://www.securitytracker.com/id/1028089
https://exchange.xforce.ibmcloud.com/vulnerabilities/85069

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-02-13T21:15:37

Updated: 2024-08-06T15:04:49.568Z

Reserved: 2013-02-07T00:00:00

Link: CVE-2013-1634

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-02-13T22:15:11.033

Modified: 2024-11-21T01:50:02.400

Link: CVE-2013-1634

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "A denial of service vulnerability exists in some motherboard implementations of Intel e1000e/82574L network controller devices through 2013-02-06 where the device can be brought into a non-processing state when parsing 32 hex, 33 hex, or 34 hex byte values at the 0x47f offset. NOTE: A followup statement from Intel suggests that the root cause of this issue was an incorrectly configured EEPROM image."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-02-13T21:15:37", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1028089", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1028089"}, {"name": "[oss-security] 20130212 Re: Re: e1000e/82574L hardware erratum", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/02/12/4"}, {"name": "[oss-security] 20130212 Re: e1000e/82574L hardware erratum", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/02/12/3"}, {"name": "85069", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85069"}, {"tags": ["x_refsource_MISC"], "url": "http://web.archive.org/web/20131205055429/https://communities.intel.com/community/wired/blog/2013/02/07/intel-82574l-gigabit-ethernet-controller-statement"}, {"tags": ["x_refsource_MISC"], "url": "http://blog.krisk.org/2013/02/packets-of-death.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-1634", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A denial of service vulnerability exists in some motherboard implementations of Intel e1000e/82574L network controller devices through 2013-02-06 where the device can be brought into a non-processing state when parsing 32 hex, 33 hex, or 34 hex byte values at the 0x47f offset. NOTE: A followup statement from Intel suggests that the root cause of this issue was an incorrectly configured EEPROM image."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1028089", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1028089"}, {"name": "[oss-security] 20130212 Re: Re: e1000e/82574L hardware erratum", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/02/12/4"}, {"name": "[oss-security] 20130212 Re: e1000e/82574L hardware erratum", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/02/12/3"}, {"name": "85069", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85069"}, {"name": "http://web.archive.org/web/20131205055429/https://communities.intel.com/community/wired/blog/2013/02/07/intel-82574l-gigabit-ethernet-controller-statement", "refsource": "MISC", "url": "http://web.archive.org/web/20131205055429/https://communities.intel.com/community/wired/blog/2013/02/07/intel-82574l-gigabit-ethernet-controller-statement"}, {"name": "http://blog.krisk.org/2013/02/packets-of-death.html", "refsource": "MISC", "url": "http://blog.krisk.org/2013/02/packets-of-death.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:04:49.568Z"}, "title": "CVE Program Container", "references": [{"name": "1028089", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1028089"}, {"name": "[oss-security] 20130212 Re: Re: e1000e/82574L hardware erratum", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2013/02/12/4"}, {"name": "[oss-security] 20130212 Re: e1000e/82574L hardware erratum", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2013/02/12/3"}, {"name": "85069", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85069"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://web.archive.org/web/20131205055429/https://communities.intel.com/community/wired/blog/2013/02/07/intel-82574l-gigabit-ethernet-controller-statement"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://blog.krisk.org/2013/02/packets-of-death.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-1634", "datePublished": "2020-02-13T21:15:37", "dateReserved": "2013-02-07T00:00:00", "dateUpdated": "2024-08-06T15:04:49.568Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:intel:82574l_controller_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C23F61B-6C4D-4A92-A79B-FAFED063CFD3", "versionEndIncluding": "2013-02-06", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intel:82574l_controller:-:*:*:*:*:*:*:*", "matchCriteriaId": "2406CD17-5DF7-4C65-9524-FCDA61CC1444", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A denial of service vulnerability exists in some motherboard implementations of Intel e1000e/82574L network controller devices through 2013-02-06 where the device can be brought into a non-processing state when parsing 32 hex, 33 hex, or 34 hex byte values at the 0x47f offset. NOTE: A followup statement from Intel suggests that the root cause of this issue was an incorrectly configured EEPROM image."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de denegaci\u00f3n de servicio en algunas implementaciones de tarjetas madre de dispositivos controladores de red Intel e1000e/82574L hasta el 06-02-2013, donde el dispositivo puede pasar a un estado sin procesamiento al analizar valores de 32 hex, 33 hex o 34 hex byte en el desplazamiento 0x47f. NOTA: Una declaraci\u00f3n de seguimiento de Intel sugiere que la causa ra\u00edz de este problema fue una imagen EEPROM configurada incorrectamente."}], "id": "CVE-2013-1634", "lastModified": "2024-11-21T01:50:02.400", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-02-13T22:15:11.033", "references": [{"source": "cve@mitre.org", "tags": ["Technical Description", "Third Party Advisory"], "url": "http://blog.krisk.org/2013/02/packets-of-death.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://web.archive.org/web/20131205055429/https://communities.intel.com/community/wired/blog/2013/02/07/intel-82574l-gigabit-ethernet-controller-statement"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2013/02/12/3"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2013/02/12/4"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1028089"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85069"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Technical Description", "Third Party Advisory"], "url": "http://blog.krisk.org/2013/02/packets-of-death.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://web.archive.org/web/20131205055429/https://communities.intel.com/community/wired/blog/2013/02/07/intel-82574l-gigabit-ethernet-controller-statement"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2013/02/12/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2013/02/12/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1028089"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85069"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-665"}], "source": "nvd@nist.gov", "type": "Primary"}]}