{"id":"UBUNTU-CVE-2014-4883","details":"resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for man-in-the-middle attackers to conduct cache-poisoning attacks via spoofed reply packets.","modified":"2026-04-27T15:11:28.873418Z","published":"2014-11-28T02:59:00Z","upstream":["CVE-2014-4883"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-4883"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1169008"},{"type":"REPORT","url":"http://www.kb.cert.org/vuls/id/210620"},{"type":"REPORT","url":"http://git.savannah.gnu.org/cgit/lwip.git/commit/?id=9fb46e120655ac481b2af8f865d5ae56c39b831a"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2014-4883"}],"affected":[{"package":{"name":"lwipv6","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/lwipv6@1.5a-2ubuntu2?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.5a-2ubuntu2"],"ecosystem_specific":{"binaries":[{"binary_version":"1.5a-2ubuntu2","binary_name":"liblwipv6-2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-4883.json"}},{"package":{"name":"lwipv6","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/lwipv6@1.5a-2ubuntu2?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.5a-2ubuntu2"],"ecosystem_specific":{"binaries":[{"binary_version":"1.5a-2ubuntu2","binary_name":"liblwipv6-2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-4883.json"}},{"package":{"name":"lwipv6","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/lwipv6@1.5a-4?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.5a-4"],"ecosystem_specific":{"binaries":[{"binary_version":"1.5a-4","binary_name":"liblwipv6-2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-4883.json"}},{"package":{"name":"lwipv6","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/lwipv6@1.5a-9?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.5a-9"],"ecosystem_specific":{"binaries":[{"binary_version":"1.5a-9","binary_name":"liblwipv6-2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-4883.json"}},{"package":{"name":"lwipv6","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/lwipv6@1.5a-9.1build1?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.5a-9","1.5a-9.1","1.5a-9.1build1"],"ecosystem_specific":{"binaries":[{"binary_version":"1.5a-9.1build1","binary_name":"liblwipv6-2t64"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-4883.json"}},{"package":{"name":"lwipv6","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/lwipv6@1.5a-10.1?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.5a-10","1.5a-10.1"],"ecosystem_specific":{"binaries":[{"binary_version":"1.5a-10.1","binary_name":"liblwipv6-2t64"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-4883.json"}},{"package":{"name":"lwipv6","ecosystem":"Ubuntu:26.04","purl":"pkg:deb/ubuntu/lwipv6@1.5a-10.1build1?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.5a-10.1","1.5a-10.1build1"],"ecosystem_specific":{"binaries":[{"binary_version":"1.5a-10.1build1","binary_name":"liblwipv6-2t64"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-4883.json"}}],"schema_version":"1.7.5","severity":[{"type":"Ubuntu","score":"medium"}]}