CVE-2014-6262
PUBLISHED
Multiple format string vulnerabilities in the python module in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted third argument to the rrdtool.graph function, aka ZEN-15415, a related issue to CVE-2013-2131.
Risk Scores
EPSS Score: 19.69% (95.6th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:14.04:LTS | rrdtool | 1.4.7-2ubuntu3, 1.4.7-2ubuntu4, 0 |
Exploit Intelligence
- https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing (circl)
- http://www.kb.cert.org/vuls/id/449452 (circl)
- https://www.securityfocus.com/bid/71540 (circl)
- https://github.com/oetiker/rrdtool-1.x/pull/532 (circl)
- https://github.com/oetiker/rrdtool-1.x/commit/64ed5314af1255ab6dded45f70b39cdeab5ae2ec (circl)
- https://github.com/oetiker/rrdtool-1.x/commit/85261a013112e278c90224033f5b0592ee387786 (circl)
- [debian-lts-announce] 20200301 [SECURITY] [DLA 2131-1] rrdtool security update (circl)
- [debian-lts-announce] 20200302 [SECURITY] [DLA 2131-2] rrdtool regression update (circl)
Timeline
- Feb 12, 2020 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 8, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2014-6262 (third-party-advisory)
- https://github.com/oetiker/rrdtool-1.x/pull/532 (third-party-advisory)
- https://github.com/oetiker/rrdtool-1.x/commit/64ed5314af1255ab6dded45f70b39cdeab5ae2ec (third-party-advisory)
- https://github.com/oetiker/rrdtool-1.x/commit/85261a013112e278c90224033f5b0592ee387786 (third-party-advisory)
- https://www.cve.org/CVERecord?id=CVE-2014-6262 (third-party-advisory)