CVE-2014-0469

Stack-based buffer overflow in a certain Debian patch for xbuffy before 3.3.bl.3.dfsg-9 allows remote attackers to execute arbitrary code via the subject of an email, possibly related to indent subject lines.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
debianCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
VendorProductVersion
debianxbuffy
𝑥
≤ 3.3.bl.3.dfsg-8
debianxbuffy
3.2.1-1
debianxbuffy
3.2.1-2
debianxbuffy
3.2.1-3
debianxbuffy
3.2.1-4
debianxbuffy
3.3-1
debianxbuffy
3.3.b1.3-4:b1.3
debianxbuffy
3.3.bl.2-1:bl.2
debianxbuffy
3.3.bl.3-1:bl.3
debianxbuffy
3.3.bl.3-2:bl.3
debianxbuffy
3.3.bl.3-3:bl.3
debianxbuffy
3.3.bl.3-5:bl.3
debianxbuffy
3.3.bl.3-6:bl.3
debianxbuffy
3.3.bl.3-7:bl.3
debianxbuffy
3.3.bl.3-8:bl.3
debianxbuffy
3.3.bl.3-9:bl.3
debianxbuffy
3.3.bl.3-10:bl.3
debianxbuffy
3.3.bl.3-11:bl.3
debianxbuffy
3.3.bl.3-12:bl.3
debianxbuffy
3.3.bl.3-13:bl.3
debianxbuffy
3.3.bl.3-14:bl.3
debianxbuffy
3.3.bl.3-15:bl.3
debianxbuffy
3.3.bl.3-16:bl.3
debianxbuffy
3.3.bl.3-17:bl.3
debianxbuffy
3.3.bl.3-18:bl.3
debianxbuffy
3.3.bl.3-19:bl.3
debianxbuffy
3.3.bl.3-20:bl.3
debianxbuffy
3.3.bl.3-21:bl.3
debianxbuffy
3.3.bl.3-22:bl.3
debianxbuffy
3.3.bl.3-23:bl.3
debianxbuffy
3.3.bl.3-24:bl.3
debianxbuffy
3.3.bl.3-25:bl.3
debianxbuffy
3.3.bl.3.dfsg-1:bl.3
debianxbuffy
3.3.bl.3.dfsg-2:bl.3
debianxbuffy
3.3.bl.3.dfsg-3:bl.3
debianxbuffy
3.3.bl.3.dfsg-4:bl.3
debianxbuffy
3.3.bl.3.dfsg-5:bl.3
debianxbuffy
3.3.bl.3.dfsg-6:bl.3
debianxbuffy
3.3.bl.3.dfsg-7:bl.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
xbuffy
bookworm
3.3.bl.3.dfsg-10
fixed
bullseye
3.3.bl.3.dfsg-10
fixed
sid
3.3.bl.3.dfsg-11
fixed
trixie
3.3.bl.3.dfsg-11
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
xbuffy
vivid
not-affected
utopic
not-affected
trusty
Fixed 3.3.bl.3.dfsg-8+deb7u1build0.14.04.1
released
saucy
ignored
quantal
ignored
precise
Fixed 3.3.bl.3.dfsg-8+deb7u1build0.12.04.1
released
lucid
ignored
Common Weakness Enumeration
References
http://packages.qa.debian.org/x/xbuffy/news/20140427T181904Z.html
http://www.debian.org/security/2014/dsa-2921
http://www.openwall.com/lists/oss-security/2014/04/28/3
http://www.securityfocus.com/bid/67090
http://packages.qa.debian.org/x/xbuffy/news/20140427T181904Z.html
http://www.debian.org/security/2014/dsa-2921
http://www.openwall.com/lists/oss-security/2014/04/28/3
http://www.securityfocus.com/bid/67090