Published: 19/04/2016 Updated: 13/06/2019

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Subscribe to Linux Enterprise Software Development Kit

Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) prior to 2.23 allow context-dependent malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.

Vulnerable Product	Search on Vulmon	Subscribe to Product
suse linux enterprise software development kit 11.0
suse suse linux enterprise server 12
suse linux enterprise desktop 12
suse linux enterprise desktop 11.0
suse linux enterprise server 11.0
suse linux enterprise server 12
suse linux enterprise debuginfo 11.0
opensuse opensuse 13.2
suse linux enterprise software development kit 12
fedoraproject fedora 23
gnu glibc
canonical ubuntu linux 12.04
canonical ubuntu linux 14.04
canonical ubuntu linux 15.10

Synopsis Moderate: glibc security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for glibc is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base s ...

Several security issues were fixed in the GNU C Library ...

USN-2985-1 introduced a regression in the GNU C Library ...

Debian Bug report logs - #813187 glibc: CVE-2014-9761: Unbounded stack allocation in nan* functions Package: src:glibc; Maintainer for src:glibc is GNU Libc Maintainers <debian-glibc@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 30 Jan 2016 09:33:11 UTC Severity: normal Tags: fix ...

Debian Bug report logs - #812441 glibc: CVE-2015-8778: Integer overflow in hcreate and hcreate_r Package: src:glibc; Maintainer for src:glibc is GNU Libc Maintainers <debian-glibc@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 23 Jan 2016 23:36:02 UTC Severity: important Tags: fix ...

Debian Bug report logs - #812445 glibc: CVE-2015-8776: Segmentation fault caused by passing out-of-range data to strftime() Package: src:glibc; Maintainer for src:glibc is GNU Libc Maintainers <debian-glibc@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 23 Jan 2016 23:42:02 UTC Se ...

Debian Bug report logs - #812455 glibc: CVE-2015-8779: Unbounded stack allocation in catopen function Package: src:glibc; Maintainer for src:glibc is GNU Libc Maintainers <debian-glibc@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 24 Jan 2016 00:45:01 UTC Severity: important Tags ...

Unbounded stack allocation in catopen functionA stack based buffer overflow vulnerability was found in the catopen() function An excessively long string passed to the function could cause it to crash or, potentially, execute arbitrary code(CVE-2015-8779) Integer overflow in hcreate and hcreate_rAn integer overflow vulnerability was found in hcrea ...

A stack overflow vulnerability was found in nan* functions that could cause applications, which process long strings with the nan function, to crash or, potentially, execute arbitrary code ...

The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities such as old software components embedded in the firmware Furthermore, hardcoded password hashes and credentials were also found by doing an automated scan with IoT Inspector ...

Many Cisco devices such as Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, and Cisco 160W suffer from having hard-coded credentials, known GNU glibc, known BusyBox, and IoT Inspector identified vulnerabilities ...

Full Disclosure mailing list archives   By Date By Thread </form>    SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series <!--X-Subject-Heade ...

Full Disclosure mailing list archives   By Date By Thread </form>    SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X <!--X-Subject-Head ...

CWE-119 http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html http://www.openwall.com/lists/oss-security/2016/01/19/11 https://www.sourceware.org/ml/libc-alpha/2016-02/msg00502.html http://www.openwall.com/lists/oss-security/2016/01/20/1 http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html https://sourceware.org/bugzilla/show_bug.cgi?id=16962 http://www.ubuntu.com/usn/USN-2985-2 http://www.ubuntu.com/usn/USN-2985-1 http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html http://www.securityfocus.com/bid/83306 https://security.gentoo.org/glsa/201702-11 https://access.redhat.com/errata/RHSA-2017:1916 http://rhn.redhat.com/errata/RHSA-2017-0680.html http://seclists.org/fulldisclosure/2019/Jun/18 https://seclists.org/bugtraq/2019/Jun/14 http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html http://seclists.org/fulldisclosure/2019/Sep/7 https://seclists.org/bugtraq/2019/Sep/7 http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html https://access.redhat.com/errata/RHSA-2017:0680 https://nvd.nist.gov https://usn.ubuntu.com/2985-1/

CVE-2014-9761

Vulnerability Summary

Vendor Advisories

Exploits

Mailing Lists

References

Vulmon Search

About

Products

Connect