Lucene search

Ubuntu.comUB:CVE-2014-5044

HistoryMar 07, 2018 - 12:00 a.m.

CVE-2014-5044

2018-03-0700:00:00

ubuntu.com

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.026

Percentile

90.4%

JSON

Multiple integer overflows in libgfortran might allow remote attackers to
execute arbitrary code or cause a denial of service (Fortran application
crash) via vectors related to array allocation.

Notes

Author	Note
sbeattie	issues are in libgfortran/fortran runtime gcc-avr only builds gcc and g++ compilers/runtimes gcc-X.X-cross packages have fortran compiler/runtimes in universe gcc-XX-defaults packages do not actually include gcc, just symlinks to the default version to use per release/arch/tool gccgo packages are (surprise!) only interested in go runtimes gcc-opt is a wrapper for setting gcc arguments
eslerm	addressed in gcc-5.1.0 by 92e6f3a43ec (“Introduce xmallocarray, an overflow checking variant of xmalloc.”)

OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarchgcc-4.7< anyUNKNOWN
ubuntu16.04noarchgcc-4.7< anyUNKNOWN
ubuntu16.04noarchgcc-4.7-armel-cross< anyUNKNOWN
ubuntu16.04noarchgcc-4.7-armhf-cross< anyUNKNOWN
ubuntu14.04noarchgcc-4.8< 4.8.4-2ubuntu1~14.04UNKNOWN
ubuntu14.04noarchgcc-4.8-arm64-cross< 0.11.1UNKNOWN
ubuntu14.04noarchgcc-4.8-armhf-cross< 0.11.1UNKNOWN
ubuntu16.04noarchgcc-4.9< 4.9.1-4ubuntu1UNKNOWN
ubuntu16.04noarchgcc-arm-linux-androideabi< anyUNKNOWN
ubuntu16.04noarchgcc-arm-none-eabi< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	14.04	noarch	gcc-4.7	< any	UNKNOWN
ubuntu	16.04	noarch	gcc-4.7	< any	UNKNOWN
ubuntu	16.04	noarch	gcc-4.7-armel-cross	< any	UNKNOWN
ubuntu	16.04	noarch	gcc-4.7-armhf-cross	< any	UNKNOWN
ubuntu	14.04	noarch	gcc-4.8	< 4.8.4-2ubuntu1~14.04	UNKNOWN
ubuntu	14.04	noarch	gcc-4.8-arm64-cross	< 0.11.1	UNKNOWN
ubuntu	14.04	noarch	gcc-4.8-armhf-cross	< 0.11.1	UNKNOWN
ubuntu	16.04	noarch	gcc-4.9	< 4.9.1-4ubuntu1	UNKNOWN
ubuntu	16.04	noarch	gcc-arm-linux-androideabi	< any	UNKNOWN
ubuntu	16.04	noarch	gcc-arm-none-eabi	< any	UNKNOWN

Rows per page:

1-10 of 111

References

www.openwall.com/lists/oss-security/2014/07/23/7

gcc.gnu.org/viewcvs/gcc?limit_changes=0&view=revision&revision=211721

launchpad.net/bugs/cve/CVE-2014-5044

nvd.nist.gov/vuln/detail/CVE-2014-5044

security-tracker.debian.org/tracker/CVE-2014-5044

www.cve.org/CVERecord?id=CVE-2014-5044

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.026

Percentile

90.4%

JSON

Related for UB:CVE-2014-5044