Lucene search

[email protected]CVE-2014-1236

HistoryJan 10, 2014 - 3:55 p.m.

CVE-2014-1236

2014-01-1015:55:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2014-1236

buffer overflow

graphviz 2.34.0

vulnerability

security advisory

7.7 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.034 Low

EPSS

Percentile

91.4%

JSON

Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via vectors related to a “badly formed number” and a “long digit list.”

CPENameOperatorVersion
graphviz:graphvizgraphvizeq2.34.0

CPE	Name	Operator	Version
graphviz:graphviz	graphviz	eq	2.34.0

References

osvdb.org/101851

seclists.org/oss-sec/2014/q1/46

seclists.org/oss-sec/2014/q1/51

seclists.org/oss-sec/2014/q1/54

secunia.com/advisories/55666

secunia.com/advisories/56244

www.debian.org/security/2014/dsa-2843

www.mandriva.com/security/advisories?name=MDVSA-2014:024

www.securityfocus.com/bid/64737

bugzilla.redhat.com/show_bug.cgi?id=1050872

github.com/ellson/graphviz/commit/1d1bdec6318746f6f19f245db589eddc887ae8ff

security.gentoo.org/glsa/201702-06

7.7 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.034 Low

EPSS

Percentile

91.4%

JSON

Related for CVE-2014-1236

prion1 cvelist1 debiancve1 ubuntucve1 nessus8 securityvulns2 openvas13 osv1 debian2 mageia1 amazon2 ubuntu1 gentoo1 fedora4