Lucene search

[email protected]CVE-2017-14648

HistorySep 21, 2017 - 5:29 p.m.

CVE-2017-14648

2017-09-2117:29:00

CWE-787

[email protected]

web.nvd.nist.gov

cve-2017-14648

buffer overflow

bladeenc

version 0.94.2

denial of service

code execution

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.053 Low

EPSS

Percentile

93.1%

JSON

A global buffer overflow was discovered in the iteration_loop function in loop.c in BladeEnc version 0.94.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution.

Affected configurations

NVD

Node

bladeencbladeencMatch0.94.2

CPENameOperatorVersion
bladeenc:bladeencbladeenceq0.94.2

CPE	Name	Operator	Version
bladeenc:bladeenc	bladeenc	eq	0.94.2

References

blogs.gentoo.org/ago/2017/09/19/bladeenc-global-buffer-overflow-in-iteration_loop-loop-c/

security.gentoo.org/glsa/202107-18

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.053 Low

EPSS

Percentile

93.1%

JSON

Related for CVE-2017-14648

nessus1 cvelist1 prion1 nvd1 gentoo1