// For flags

CVE-2014-9761

glibc: Unbounded stack allocation in nan* functions

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.

Múltiples desbordamientos de buffer basado en pila en la GNU C Library (también conocida como glibc o libc6) en versiones anteriores a 2.23 permiten a atacantes dependientes del contexto causar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbirario a través de un argumento largo en la función (1) nan, (2) nanf o (3) nanl.

A stack overflow vulnerability was found in nan* functions that could cause applications, which process long strings with the nan function, to crash or, potentially, execute arbitrary code.

Martin Carpenter discovered that pt_chown in the GNU C Library did not properly check permissions for tty files. A local attacker could use this to gain administrative privileges or expose sensitive information. Robin Hack discovered that the Name Service Switch (NSS) implementation in the GNU C Library did not properly manage its file descriptors. An attacker could use this to cause a denial of service (infinite loop). Various other issues were also addressed.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
Attack Vector
Network
Attack Complexity
High
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-05-26 CVE Published
  • 2016-01-19 CVE Reserved
  • 2019-06-13 First Exploit
  • 2024-08-06 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (26)
URL Tag Source
http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html X_refsource_misc
http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html X_refsource_misc
http://seclists.org/fulldisclosure/2019/Jun/18 Mailing List
http://seclists.org/fulldisclosure/2019/Sep/7 Mailing List
http://www.openwall.com/lists/oss-security/2016/01/19/11 Mailing List
http://www.openwall.com/lists/oss-security/2016/01/20/1 Mailing List
http://www.securityfocus.com/bid/83306 Vdb Entry
https://seclists.org/bugtraq/2019/Jun/14 Mailing List
https://seclists.org/bugtraq/2019/Sep/7 Mailing List
https://sourceware.org/bugzilla/show_bug.cgi?id=16962 X_refsource_confirm
URL Date SRC
https://packetstorm.news/files/id/154361 2019-09-04
https://packetstorm.news/files/id/153278 2019-06-13
URL Date SRC
URL Date SRC
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html 2019-06-13
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html 2019-06-13
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html 2019-06-13
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html 2019-06-13
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html 2019-06-13
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html 2019-06-13
http://rhn.redhat.com/errata/RHSA-2017-0680.html 2019-06-13
http://www.ubuntu.com/usn/USN-2985-1 2019-06-13
http://www.ubuntu.com/usn/USN-2985-2 2019-06-13
https://access.redhat.com/errata/RHSA-2017:1916 2019-06-13
https://security.gentoo.org/glsa/201702-11 2019-06-13
https://www.sourceware.org/ml/libc-alpha/2016-02/msg00502.html 2019-06-13
https://access.redhat.com/security/cve/CVE-2014-9761 2017-08-01
https://bugzilla.redhat.com/show_bug.cgi?id=1300310 2017-08-01
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Suse
Search vendor "Suse"
 Linux Enterprise Debuginfo
Search vendor "Suse" for product "Linux Enterprise Debuginfo"
 11.0
Search vendor "Suse" for product "Linux Enterprise Debuginfo" and version "11.0"
sp2
Affected
Suse
Search vendor "Suse"
 Linux Enterprise Debuginfo
Search vendor "Suse" for product "Linux Enterprise Debuginfo"
 11.0
Search vendor "Suse" for product "Linux Enterprise Debuginfo" and version "11.0"
sp3
Affected
Suse
Search vendor "Suse"
 Linux Enterprise Debuginfo
Search vendor "Suse" for product "Linux Enterprise Debuginfo"
 11.0
Search vendor "Suse" for product "Linux Enterprise Debuginfo" and version "11.0"
sp4
Affected
Opensuse
Search vendor "Opensuse"
 Opensuse
Search vendor "Opensuse" for product "Opensuse"
 13.2
Search vendor "Opensuse" for product "Opensuse" and version "13.2"
-
Affected
Suse
Search vendor "Suse"
 Linux Enterprise Desktop
Search vendor "Suse" for product "Linux Enterprise Desktop"
 11.0
Search vendor "Suse" for product "Linux Enterprise Desktop" and version "11.0"
sp3
Affected
Suse
Search vendor "Suse"
 Linux Enterprise Desktop
Search vendor "Suse" for product "Linux Enterprise Desktop"
 11.0
Search vendor "Suse" for product "Linux Enterprise Desktop" and version "11.0"
sp4
Affected
Suse
Search vendor "Suse"
 Linux Enterprise Desktop
Search vendor "Suse" for product "Linux Enterprise Desktop"
 12
Search vendor "Suse" for product "Linux Enterprise Desktop" and version "12"
-
Affected
Suse
Search vendor "Suse"
 Linux Enterprise Desktop
Search vendor "Suse" for product "Linux Enterprise Desktop"
 12
Search vendor "Suse" for product "Linux Enterprise Desktop" and version "12"
sp1
Affected
Suse
Search vendor "Suse"
 Linux Enterprise Server
Search vendor "Suse" for product "Linux Enterprise Server"
 11.0
Search vendor "Suse" for product "Linux Enterprise Server" and version "11.0"
sp2, lts
Affected
Suse
Search vendor "Suse"
 Linux Enterprise Server
Search vendor "Suse" for product "Linux Enterprise Server"
 11.0
Search vendor "Suse" for product "Linux Enterprise Server" and version "11.0"
sp3
Affected
Suse
Search vendor "Suse"
 Linux Enterprise Server
Search vendor "Suse" for product "Linux Enterprise Server"
 11.0
Search vendor "Suse" for product "Linux Enterprise Server" and version "11.0"
sp3, vmware
Affected
Suse
Search vendor "Suse"
 Linux Enterprise Server
Search vendor "Suse" for product "Linux Enterprise Server"
 11.0
Search vendor "Suse" for product "Linux Enterprise Server" and version "11.0"
sp4
Affected
Suse
Search vendor "Suse"
 Linux Enterprise Server
Search vendor "Suse" for product "Linux Enterprise Server"
 12
Search vendor "Suse" for product "Linux Enterprise Server" and version "12"
sp1
Affected
Suse
Search vendor "Suse"
 Linux Enterprise Software Development Kit
Search vendor "Suse" for product "Linux Enterprise Software Development Kit"
 11.0
Search vendor "Suse" for product "Linux Enterprise Software Development Kit" and version "11.0"
sp3
Affected
Suse
Search vendor "Suse"
 Linux Enterprise Software Development Kit
Search vendor "Suse" for product "Linux Enterprise Software Development Kit"
 11.0
Search vendor "Suse" for product "Linux Enterprise Software Development Kit" and version "11.0"
sp4
Affected
Suse
Search vendor "Suse"
 Linux Enterprise Software Development Kit
Search vendor "Suse" for product "Linux Enterprise Software Development Kit"
 12
Search vendor "Suse" for product "Linux Enterprise Software Development Kit" and version "12"
-
Affected
Suse
Search vendor "Suse"
 Linux Enterprise Software Development Kit
Search vendor "Suse" for product "Linux Enterprise Software Development Kit"
 12
Search vendor "Suse" for product "Linux Enterprise Software Development Kit" and version "12"
sp1
Affected
Suse
Search vendor "Suse"
 Suse Linux Enterprise Server
Search vendor "Suse" for product "Suse Linux Enterprise Server"
 12
Search vendor "Suse" for product "Suse Linux Enterprise Server" and version "12"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
 Fedora
Search vendor "Fedoraproject" for product "Fedora"
 23
Search vendor "Fedoraproject" for product "Fedora" and version "23"
-
Affected
Gnu
Search vendor "Gnu"
 Glibc
Search vendor "Gnu" for product "Glibc"
 <= 2.22
Search vendor "Gnu" for product "Glibc" and version " <= 2.22"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 12.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04"
lts
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 14.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04"
lts
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 15.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "15.10"
-
Affected