CVE-2014-9761
glibc: Unbounded stack allocation in nan* functions
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.
Múltiples desbordamientos de buffer basado en pila en la GNU C Library (también conocida como glibc o libc6) en versiones anteriores a 2.23 permiten a atacantes dependientes del contexto causar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbirario a través de un argumento largo en la función (1) nan, (2) nanf o (3) nanl.
A stack overflow vulnerability was found in nan* functions that could cause applications, which process long strings with the nan function, to crash or, potentially, execute arbitrary code.
Many Cisco devices such as Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, and Cisco 160W suffer from having hard-coded credentials, known GNU glibc, known BusyBox, and IoT Inspector identified vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-05-26 CVE Published
- 2016-01-19 CVE Reserved
- 2024-05-19 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (24)
URL | Tag | Source |
---|---|---|
http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html | X_refsource_misc | |
http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html | X_refsource_misc | |
http://seclists.org/fulldisclosure/2019/Jun/18 | Mailing List | |
http://seclists.org/fulldisclosure/2019/Sep/7 | Mailing List | |
http://www.openwall.com/lists/oss-security/2016/01/19/11 | Mailing List | |
http://www.openwall.com/lists/oss-security/2016/01/20/1 | Mailing List | |
http://www.securityfocus.com/bid/83306 | Vdb Entry | |
https://seclists.org/bugtraq/2019/Jun/14 | Mailing List | |
https://seclists.org/bugtraq/2019/Sep/7 | Mailing List | |
https://sourceware.org/bugzilla/show_bug.cgi?id=16962 | X_refsource_confirm |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Suse Search vendor "Suse" | Linux Enterprise Debuginfo Search vendor "Suse" for product "Linux Enterprise Debuginfo" | 11.0 Search vendor "Suse" for product "Linux Enterprise Debuginfo" and version "11.0" | sp2 |
Affected
| ||||||
Suse Search vendor "Suse" | Linux Enterprise Debuginfo Search vendor "Suse" for product "Linux Enterprise Debuginfo" | 11.0 Search vendor "Suse" for product "Linux Enterprise Debuginfo" and version "11.0" | sp3 |
Affected
| ||||||
Suse Search vendor "Suse" | Linux Enterprise Debuginfo Search vendor "Suse" for product "Linux Enterprise Debuginfo" | 11.0 Search vendor "Suse" for product "Linux Enterprise Debuginfo" and version "11.0" | sp4 |
Affected
| ||||||
Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 13.2 Search vendor "Opensuse" for product "Opensuse" and version "13.2" | - |
Affected
| ||||||
Suse Search vendor "Suse" | Linux Enterprise Desktop Search vendor "Suse" for product "Linux Enterprise Desktop" | 11.0 Search vendor "Suse" for product "Linux Enterprise Desktop" and version "11.0" | sp3 |
Affected
| ||||||
Suse Search vendor "Suse" | Linux Enterprise Desktop Search vendor "Suse" for product "Linux Enterprise Desktop" | 11.0 Search vendor "Suse" for product "Linux Enterprise Desktop" and version "11.0" | sp4 |
Affected
| ||||||
Suse Search vendor "Suse" | Linux Enterprise Desktop Search vendor "Suse" for product "Linux Enterprise Desktop" | 12 Search vendor "Suse" for product "Linux Enterprise Desktop" and version "12" | - |
Affected
| ||||||
Suse Search vendor "Suse" | Linux Enterprise Desktop Search vendor "Suse" for product "Linux Enterprise Desktop" | 12 Search vendor "Suse" for product "Linux Enterprise Desktop" and version "12" | sp1 |
Affected
| ||||||
Suse Search vendor "Suse" | Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server" | 11.0 Search vendor "Suse" for product "Linux Enterprise Server" and version "11.0" | sp2, lts |
Affected
| ||||||
Suse Search vendor "Suse" | Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server" | 11.0 Search vendor "Suse" for product "Linux Enterprise Server" and version "11.0" | sp3 |
Affected
| ||||||
Suse Search vendor "Suse" | Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server" | 11.0 Search vendor "Suse" for product "Linux Enterprise Server" and version "11.0" | sp3, vmware |
Affected
| ||||||
Suse Search vendor "Suse" | Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server" | 11.0 Search vendor "Suse" for product "Linux Enterprise Server" and version "11.0" | sp4 |
Affected
| ||||||
Suse Search vendor "Suse" | Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server" | 12 Search vendor "Suse" for product "Linux Enterprise Server" and version "12" | sp1 |
Affected
| ||||||
Suse Search vendor "Suse" | Linux Enterprise Software Development Kit Search vendor "Suse" for product "Linux Enterprise Software Development Kit" | 11.0 Search vendor "Suse" for product "Linux Enterprise Software Development Kit" and version "11.0" | sp3 |
Affected
| ||||||
Suse Search vendor "Suse" | Linux Enterprise Software Development Kit Search vendor "Suse" for product "Linux Enterprise Software Development Kit" | 11.0 Search vendor "Suse" for product "Linux Enterprise Software Development Kit" and version "11.0" | sp4 |
Affected
| ||||||
Suse Search vendor "Suse" | Linux Enterprise Software Development Kit Search vendor "Suse" for product "Linux Enterprise Software Development Kit" | 12 Search vendor "Suse" for product "Linux Enterprise Software Development Kit" and version "12" | - |
Affected
| ||||||
Suse Search vendor "Suse" | Linux Enterprise Software Development Kit Search vendor "Suse" for product "Linux Enterprise Software Development Kit" | 12 Search vendor "Suse" for product "Linux Enterprise Software Development Kit" and version "12" | sp1 |
Affected
| ||||||
Suse Search vendor "Suse" | Suse Linux Enterprise Server Search vendor "Suse" for product "Suse Linux Enterprise Server" | 12 Search vendor "Suse" for product "Suse Linux Enterprise Server" and version "12" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 23 Search vendor "Fedoraproject" for product "Fedora" and version "23" | - |
Affected
| ||||||
Gnu Search vendor "Gnu" | Glibc Search vendor "Gnu" for product "Glibc" | <= 2.22 Search vendor "Gnu" for product "Glibc" and version " <= 2.22" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | lts |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 15.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "15.10" | - |
Affected
|