Lucene search

[email protected]NVD:CVE-2014-1236

HistoryJan 10, 2014 - 3:55 p.m.

CVE-2014-1236

2014-01-1015:55:06

CWE-119

[email protected]

web.nvd.nist.gov

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

High

0.034 Low

EPSS

Percentile

91.4%

JSON

Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via vectors related to a “badly formed number” and a “long digit list.”

Affected configurations

NVD

Node

graphvizgraphvizMatch2.34.0

References

osvdb.org/101851

seclists.org/oss-sec/2014/q1/46

seclists.org/oss-sec/2014/q1/51

seclists.org/oss-sec/2014/q1/54

secunia.com/advisories/55666

secunia.com/advisories/56244

www.debian.org/security/2014/dsa-2843

www.mandriva.com/security/advisories?name=MDVSA-2014:024

www.securityfocus.com/bid/64737

bugzilla.redhat.com/show_bug.cgi?id=1050872

github.com/ellson/graphviz/commit/1d1bdec6318746f6f19f245db589eddc887ae8ff

security.gentoo.org/glsa/201702-06

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

High

0.034 Low

EPSS

Percentile

91.4%

JSON

Related for NVD:CVE-2014-1236

cve1 ubuntucve1 debiancve1 cvelist1 prion1 nessus9 debian2 openvas13 mageia1 securityvulns2 osv1 fedora4 gentoo1 ubuntu1 amazon2