VDB
CVE-2014-9273
CVE-2014-9273
PUBLISHED
CVSS 4.599999904632568 MEDIUM
lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive files, which triggers an out-of-bounds read or write.
EPSS 0.18% · 39.3th percentile
Risk Scores
CVSS 2.0
4.599999904632568
EPSS Score
0.18%
39.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| redhat | enterprise_linux_hpc_node | 6.0 |
| debian | hivex | 0 |
| redhat | enterprise_linux_server | 6.0, 7.0 |
| n/a | n/a | n/a |
| redhat | enterprise_linux_desktop | 6.0, 7.0 |
| opensuse | opensuse | 13.2, 13.1 |
| redhat | enterprise_linux_workstation | 6.0, 7.0 |
Timeline
- Dec 8, 2014 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- GLSA-201503-07 vendor-advisory
- https://github.com/libguestfs/hivex/commit/4bbdf555f88baeae0fa804a369a81a83908bd705 url
- openSUSE-SU-2015:0189 vendor-advisory
- 71279 vdb
- [oss-security] 20141204 Re: CVE request: missing checks for small-sized files in hivex mailing-list
- https://bugzilla.redhat.com/show_bug.cgi?id=1167756 url
- RHSA-2015:0301 vendor-advisory
- https://github.com/libguestfs/hivex/commit/357f26fa64fd1d9ccac2331fe174a8ee9c607adb url
- [oss-security] 20141125 CVE request: missing checks for small-sized files in hivex mailing-list
- [Libguestfs] 20141029 [libhivex] Undefined behavior when accessing invalid (too small) registry hives mailing-list
- RHSA-2015:1378 vendor-advisory
- 62792 third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2014-9273 advisory