CVE-2014-8964 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:N/I:N/A:P
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 87%

Vendor	Product	Version
pcre	pcre	𝑥 ≤ 8.36
mariadb	mariadb	10.0.0 ≤ 𝑥 < 10.0.18
opensuse	opensuse	13.1
opensuse	opensuse	13.2
oracle	solaris	11.2
redhat	enterprise_linux_desktop	7.0
redhat	enterprise_linux_eus	7.3
redhat	enterprise_linux_eus	7.4
redhat	enterprise_linux_eus	7.5
redhat	enterprise_linux_eus	7.6
redhat	enterprise_linux_eus	7.7
redhat	enterprise_linux_server	7.0
redhat	enterprise_linux_server_aus	7.3
redhat	enterprise_linux_server_aus	7.4
redhat	enterprise_linux_server_aus	7.6
redhat	enterprise_linux_server_aus	7.7
redhat	enterprise_linux_server_tus	7.3
redhat	enterprise_linux_server_tus	7.6
redhat	enterprise_linux_server_tus	7.7
redhat	enterprise_linux_workstation	7.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

pcre3

bullseye	2:8.39-13 fixed
wheezy	no-dsa
squeeze	no-dsa
bookworm	2:8.39-15 fixed
sid	2:8.39-15.1 fixed

Ubuntu Releases

Ubuntu Product

Codename

mariadb-10.0

wily	Fixed 10.0.20-0ubuntu0.15.04.1 released
vivid	Fixed 10.0.20-0ubuntu0.15.04.1 released
utopic	dne
trusty	dne
precise	dne

pcre3

wily	not-affected
vivid	not-affected
utopic	ignored
trusty	Fixed 1:8.31-2ubuntu2.1 released
precise	not-affected
lucid	ignored

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://advisories.mageia.org/MGASA-2014-0534.html

http://bugs.exim.org/show_bug.cgi?id=1546

http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145843.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147474.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147511.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147516.html

http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html

http://rhn.redhat.com/errata/RHSA-2015-0330.html

http://www.exim.org/viewvc/pcre?view=revision&revision=1513

http://www.mandriva.com/security/advisories?name=MDVSA-2015:002

http://www.mandriva.com/security/advisories?name=MDVSA-2015:137

http://www.openwall.com/lists/oss-security/2014/11/21/6

http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

http://www.securityfocus.com/bid/71206

https://bugzilla.redhat.com/show_bug.cgi?id=1166147

https://security.gentoo.org/glsa/201607-02

http://advisories.mageia.org/MGASA-2014-0534.html

http://bugs.exim.org/show_bug.cgi?id=1546

http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145843.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147474.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147511.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147516.html

http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html

http://rhn.redhat.com/errata/RHSA-2015-0330.html

http://www.exim.org/viewvc/pcre?view=revision&revision=1513

http://www.mandriva.com/security/advisories?name=MDVSA-2015:002

http://www.mandriva.com/security/advisories?name=MDVSA-2015:137

http://www.openwall.com/lists/oss-security/2014/11/21/6

http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

http://www.securityfocus.com/bid/71206

https://bugzilla.redhat.com/show_bug.cgi?id=1166147

https://security.gentoo.org/glsa/201607-02