CVE-2014-9273 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.6 UNKNOWN	LOCAL	LOW		AV:L/AC:L/Au:N/C:P/I:P/A:P
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 40%

Vendor	Product	Version
opensuse	opensuse	13.1
opensuse	opensuse	13.2
redhat	enterprise_linux_desktop	6.0
redhat	enterprise_linux_desktop	7.0
redhat	enterprise_linux_hpc_node	6.0
redhat	enterprise_linux_server	6.0
redhat	enterprise_linux_server	7.0
redhat	enterprise_linux_workstation	6.0
redhat	enterprise_linux_workstation	7.0
debian	hivex	𝑥 ≤ 1.3.10-2

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

hivex

bullseye	1.3.20-1 fixed
wheezy	no-dsa
squeeze	no-dsa
bookworm	1.3.23-1 fixed
sid	1.3.24-1 fixed
trixie	1.3.24-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

hivex

disco	not-affected
cosmic	not-affected
bionic	not-affected
artful	not-affected
zesty	not-affected
yakkety	not-affected
xenial	not-affected
wily	not-affected
vivid	not-affected
utopic	ignored
trusty	dne
precise	ignored
lucid	dne

Known Exploits!

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://lists.opensuse.org/opensuse-updates/2015-02/msg00005.html

http://rhn.redhat.com/errata/RHSA-2015-0301.html

http://rhn.redhat.com/errata/RHSA-2015-1378.html

http://secunia.com/advisories/62792

http://www.openwall.com/lists/oss-security/2014/11/25/6

http://www.openwall.com/lists/oss-security/2014/12/04/14

http://www.securityfocus.com/bid/71279

https://bugzilla.redhat.com/show_bug.cgi?id=1167756

https://github.com/libguestfs/hivex/commit/357f26fa64fd1d9ccac2331fe174a8ee9c607adb

https://github.com/libguestfs/hivex/commit/4bbdf555f88baeae0fa804a369a81a83908bd705

https://security.gentoo.org/glsa/201503-07

https://www.redhat.com/archives/libguestfs/2014-October/msg00235.html

http://lists.opensuse.org/opensuse-updates/2015-02/msg00005.html

http://rhn.redhat.com/errata/RHSA-2015-0301.html

http://rhn.redhat.com/errata/RHSA-2015-1378.html

http://secunia.com/advisories/62792

http://www.openwall.com/lists/oss-security/2014/11/25/6

http://www.openwall.com/lists/oss-security/2014/12/04/14

http://www.securityfocus.com/bid/71279

https://bugzilla.redhat.com/show_bug.cgi?id=1167756

https://github.com/libguestfs/hivex/commit/357f26fa64fd1d9ccac2331fe174a8ee9c607adb

https://github.com/libguestfs/hivex/commit/4bbdf555f88baeae0fa804a369a81a83908bd705

https://security.gentoo.org/glsa/201503-07

https://www.redhat.com/archives/libguestfs/2014-October/msg00235.html