{"api_version":"1","generated_at":"2026-07-07T04:34:06+00:00","cve":"CVE-2014-1690","urls":{"html":"https://cve.report/CVE-2014-1690","api":"https://cve.report/api/cve/CVE-2014-1690.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2014-1690","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2014-1690"},"summary":{"title":"CVE-2014-1690","description":"The help function in net/netfilter/nf_nat_irc.c in the Linux kernel before 3.12.8 allows remote attackers to obtain sensitive information from kernel memory by establishing an IRC DCC session in which incorrect packet data is transmitted during use of the NAT mangle feature.","state":"PUBLISHED","assigner":"redhat","published_at":"2014-02-28 06:18:54","updated_at":"2026-04-29 01:13:23"},"problem_types":["CWE-200","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"2.6","severity":"","vector":"AV:N/AC:H/Au:N/C:P/I:N/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:P/I:N/A:N","baseScore":2.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"http://www.ubuntu.com/usn/USN-2137-1","name":"http://www.ubuntu.com/usn/USN-2137-1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"USN-2137-1: Linux kernel (Saucy HWE) vulnerabilities | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ubuntu.com/usn/USN-2140-1","name":"http://www.ubuntu.com/usn/USN-2140-1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"USN-2140-1: Linux kernel vulnerabilities | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2690d97ade05c5325cbf7c72b94b90d265659886","name":"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2690d97ade05c5325cbf7c72b94b90d265659886","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"text/html","httpstatus":"404","archivestatus":"404"},{"url":"http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.8","name":"http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.8","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Vendor Advisory"],"title":"","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ubuntu.com/usn/USN-2158-1","name":"http://www.ubuntu.com/usn/USN-2158-1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"USN-2158-1: Linux kernel (Raring HWE) vulnerabilities | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1058748","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1058748","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"],"title":"Bug 1058748 – CVE-2014-1690 Kernel: netfilter: nf_nat: leakage of uninitialized buffer in IRC NAT helper","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2014/01/28/3","name":"http://www.openwall.com/lists/oss-security/2014/01/28/3","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"],"title":"oss-security - Re: CVE request Linux kernel: netfilter: nf_nat: leakage of uninitialized buffer in IRC NAT helper","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/torvalds/linux/commit/2690d97ade05c5325cbf7c72b94b90d265659886","name":"https://github.com/torvalds/linux/commit/2690d97ade05c5325cbf7c72b94b90d265659886","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory"],"title":"netfilter: nf_nat: fix access to uninitialized buffer in IRC NAT helper · torvalds/linux@2690d97 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2690d97ade05c5325cbf7c72b94b90d265659886","name":"CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2690d97ade05c5325cbf7c72b94b90d265659886","refsource":"MITRE","tags":[],"title":"kernel/git/torvalds/linux.git - Linux kernel source tree","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2014-1690","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-1690","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2014","cve_id":"1690","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"12.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"esm","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"1690","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"13.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"1690","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2014","cve_id":"1690","cve":"CVE-2014-1690","epss":"0.038490000","percentile":"0.888710000","score_date":"2026-07-06","updated_at":"2026-07-07 00:05:20"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T09:50:10.620Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"USN-2137-1","tags":["vendor-advisory","x_refsource_UBUNTU","x_transferred"],"url":"http://www.ubuntu.com/usn/USN-2137-1"},{"name":"USN-2140-1","tags":["vendor-advisory","x_refsource_UBUNTU","x_transferred"],"url":"http://www.ubuntu.com/usn/USN-2140-1"},{"name":"USN-2158-1","tags":["vendor-advisory","x_refsource_UBUNTU","x_transferred"],"url":"http://www.ubuntu.com/usn/USN-2158-1"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.8"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1058748"},{"name":"[oss-security] 20140128 Re: CVE request Linux kernel: netfilter: nf_nat: leakage of uninitialized buffer in IRC NAT helper","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2014/01/28/3"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2690d97ade05c5325cbf7c72b94b90d265659886"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://github.com/torvalds/linux/commit/2690d97ade05c5325cbf7c72b94b90d265659886"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2014-01-15T00:00:00.000Z","descriptions":[{"lang":"en","value":"The help function in net/netfilter/nf_nat_irc.c in the Linux kernel before 3.12.8 allows remote attackers to obtain sensitive information from kernel memory by establishing an IRC DCC session in which incorrect packet data is transmitted during use of the NAT mangle feature."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2014-04-10T14:57:01.000Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"name":"USN-2137-1","tags":["vendor-advisory","x_refsource_UBUNTU"],"url":"http://www.ubuntu.com/usn/USN-2137-1"},{"name":"USN-2140-1","tags":["vendor-advisory","x_refsource_UBUNTU"],"url":"http://www.ubuntu.com/usn/USN-2140-1"},{"name":"USN-2158-1","tags":["vendor-advisory","x_refsource_UBUNTU"],"url":"http://www.ubuntu.com/usn/USN-2158-1"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.8"},{"tags":["x_refsource_CONFIRM"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1058748"},{"name":"[oss-security] 20140128 Re: CVE request Linux kernel: netfilter: nf_nat: leakage of uninitialized buffer in IRC NAT helper","tags":["mailing-list","x_refsource_MLIST"],"url":"http://www.openwall.com/lists/oss-security/2014/01/28/3"},{"tags":["x_refsource_CONFIRM"],"url":"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2690d97ade05c5325cbf7c72b94b90d265659886"},{"tags":["x_refsource_CONFIRM"],"url":"https://github.com/torvalds/linux/commit/2690d97ade05c5325cbf7c72b94b90d265659886"}]}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2014-1690","datePublished":"2014-02-28T02:00:00.000Z","dateReserved":"2014-01-28T00:00:00.000Z","dateUpdated":"2024-08-06T09:50:10.620Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2014-02-28 06:18:54","lastModifiedDate":"2026-04-29 01:13:23","problem_types":["CWE-200","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:P/I:N/A:N","baseScore":2.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":4.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"3.12.8","matchCriteriaId":"6B3D58B5-3A44-4506-B657-3BC3C83BE522"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*","matchCriteriaId":"8D305F7A-D159-4716-AB26-5E38BB5CD991"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*","matchCriteriaId":"7F61F047-129C-41A6-8A27-FFCBB8563E91"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2014","CveId":"1690","Ordinal":"1","Title":"CVE-2014-1690","CVE":"CVE-2014-1690","Year":"2014"},"notes":[{"CveYear":"2014","CveId":"1690","Ordinal":"1","NoteData":"The help function in net/netfilter/nf_nat_irc.c in the Linux kernel before 3.12.8 allows remote attackers to obtain sensitive information from kernel memory by establishing an IRC DCC session in which incorrect packet data is transmitted during use of the NAT mangle feature.","Type":"Description","Title":"CVE-2014-1690"},{"CveYear":"2014","CveId":"1690","Ordinal":"2","NoteData":"2014-02-27","Type":"Other","Title":"Published"},{"CveYear":"2014","CveId":"1690","Ordinal":"3","NoteData":"2014-04-10","Type":"Other","Title":"Modified"}]}}}