
CVE-2014-9862

Published: 22/07/2016 Updated: 17/09/2020
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 642
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X prior to 10.11.6 and other products, allows remote malicious users to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted patch file.

Vulnerable Product

apple mac os x

Mailing Lists

X41 D-SEC GmbH Security Advisory: X41-2020-006
Advisory X41-2020-006: Memory Corruption Vulnerability in bspatch
Severity Rating: High
Confirmed Affected Versions: Colin Percival's bsdiff 4.3
Confirmed Patched Versions: FreeBSD's bsd ...

Github Repositories

Portable binary diff/patch library based on the binary diff/patch utilities bsdiff/bspatch

Binary diff/patch library (bsdifflib/bspatchlib) 12 is based on the original binary diff/patch utility (bsdiff/bspatch) by Colin Percival and the Win32 port by Andreas John. Binary diff/patch library adds an API to make it usable as a cross-platform C/C++ library. This library generates patches that are compatible with the original bsdiff tool. The patch routine now works on m

Binary diff/patch utility

bsdiff 4.3.1

This is based on the source code of bsdiff 4.3 (and bspatch 4.3), from daemonology: www.daemonology.net/bsdiff/

The following Debian patches have been applied:
10-no-bsd-make.patch
20-CVE-2014-9862.patch
30-bug-632585-mmap-src-file-instead-of-malloc-read-it.patch
31-bug-632585-mmap-dst-file-instead-of-malloc-read-it.patch
32-bug-632585-use-int32_t-inste