Vulners
Lucene search
GLSA-201701-40 : xdelta: User-assisted execution of arbitrary code
| Reporter | Title | Published | Views | Family All 43 |
|---|---|---|---|---|
 | xdelta3 Buffer Overflow Vulnerability | 21 Apr 201600:00 | – | cnvd |
 | CVE-2014-9765 | 19 Apr 201621:00 | – | cve |
 | CVE-2014-9765 | 19 Apr 201621:00 | – | cvelist |
 | [SECURITY] [DLA 417-1] xdelta3 security update | 16 Feb 201610:32 | – | debian |
| [SECURITY] [DLA 420-1] libmatroska security update | 18 Feb 201615:59 | – | debian |
| [SECURITY] [DSA 3484-1] xdelta3 security update | 19 Feb 201615:46 | – | debian |
| [SECURITY] [DSA 3484-1] xdelta3 security update | 19 Feb 201615:46 | – | debian |
 | CVE-2014-9765 | 19 Apr 201621:00 | – | debiancve |
 | Debian DLA-417-1 : xdelta3 security update | 17 Feb 201600:00 | – | nessus |
| Debian DLA-420-1 : libmatroska security update | 19 Feb 201600:00 | – | nessus |
10
| Source | Link |
|---|---|
| security | www.security.gentoo.org/glsa/201701-40 |
| cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201701-40.
#
# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(96544);
script_version("3.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/05");
script_cve_id("CVE-2014-9765");
script_xref(name:"GLSA", value:"201701-40");
script_name(english:"GLSA-201701-40 : xdelta: User-assisted execution of arbitrary code");
script_set_attribute(attribute:"synopsis", value:
"The remote Gentoo host is missing one or more security-related
patches.");
script_set_attribute(attribute:"description", value:
"The remote host is affected by the vulnerability described in GLSA-201701-40
(xdelta: User-assisted execution of arbitrary code)
A buffer overflow can be triggered within xdelta when ran against a
malicious input file.
Impact :
A remote attacker could coerce the victim to run xdelta against a
malicious input file. This may be leveraged by an attacker to crash
xdelta and gain control of program execution.
Workaround :
There is no known workaround at this time.");
script_set_attribute(attribute:"see_also", value:"https://security.gentoo.org/glsa/201701-40");
script_set_attribute(attribute:"solution", value:
"All xdelta users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-util/xdelta-3.0.10'");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-9765");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"patch_publication_date", value:"2017/01/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/17");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:xdelta");
script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Gentoo Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2017-2026 Tenable Network Security, Inc.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (qpkg_check(package:"dev-util/xdelta", unaffected:make_list("ge 3.0.10"), vulnerable:make_list("lt 3.0.10"))) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = qpkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xdelta");
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
05 Jan 2026 00:00Current
8.3High risk
Vulners AI Score8.3
CVSS 26.8
CVSS 38.8
EPSS0.02475