{"id":"CVE-2019-14459","details":"nfdump 1.6.17 and earlier is affected by an integer overflow in the function Process_ipfix_template_withdraw in ipfix.c that can be abused in order to crash the process remotely (denial of service).","modified":"2026-04-11T14:10:57.170071Z","published":"2019-07-31T21:15:11.390Z","references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ULSZMKA7P7REJMANVL7D6WMZ2L7IRSET/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTONOGJU5FSMFNRCT6OHXYUMDRKH4RPA/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/09/msg00021.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202003-17"},{"type":"FIX","url":"https://github.com/phaag/nfdump/commit/3b006ededaf351f1723aea6c727c9edd1b1fff9b"},{"type":"EVIDENCE","url":"https://github.com/phaag/nfdump/issues/171"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/phaag/nfdump","events":[{"introduced":"0"},{"last_affected":"ec91b397c33693706bfbaf2ae4172d222f25f111"},{"fixed":"3b006ededaf351f1723aea6c727c9edd1b1fff9b"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.6.17"}]}}],"versions":["v1.6.14","v1.6.14-b1","v1.6.14-b2","v1.6.15","v1.6.16","v1.6.17"],"database_specific":{"vanir_signatures_modified":"2026-04-11T14:10:57Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"29"}]},{"events":[{"introduced":"0"},{"last_affected":"30"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-14459.json","vanir_signatures":[{"id":"CVE-2019-14459-28d0cf76","deprecated":false,"digest":{"length":445,"function_hash":"2566065934500313209064802284287609098"},"source":"https://github.com/phaag/nfdump/commit/3b006ededaf351f1723aea6c727c9edd1b1fff9b","target":{"file":"bin/ipfix.c","function":"Process_ipfix_template_withdraw"},"signature_version":"v1","signature_type":"Function"},{"id":"CVE-2019-14459-9ed48c63","deprecated":false,"digest":{"length":4554,"function_hash":"255931474877025429624093994592633441352"},"source":"https://github.com/phaag/nfdump/commit/3b006ededaf351f1723aea6c727c9edd1b1fff9b","target":{"file":"bin/ipfix.c","function":"Process_ipfix_template_add"},"signature_version":"v1","signature_type":"Function"},{"id":"CVE-2019-14459-d0710105","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["61093887762454218481233648391296405957","59834892523595629546671054081810919351","278423574008120186746432230498105753055","234917007496416288369355897334790062791","119039669925299467230396952435174491989","194799690917280427686831918636223352098","169117545355776012287811733532588520142"]},"source":"https://github.com/phaag/nfdump/commit/3b006ededaf351f1723aea6c727c9edd1b1fff9b","target":{"file":"bin/ipfix.c"},"signature_version":"v1","signature_type":"Line"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}