CVE-2014-9862
PUBLISHED
Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X before 10.11.6 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted patch file.
EPSS 9.00% · 92.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | bsdiff | 4.3-15, 0 |
Exploit Intelligence
- Kouf320/attacker-lab-cve-2017-5638-cve-2021-41773-paper (github-poc)
- Using Struts2 and PowerShell to recreate CVE-2017-5638 OGNL Injection vulnerability. (github-poc)
…and 592 more exploits
Timeline
- Jul 19, 2016 CVE Published
- Oct 2, 2020 PoC Published
- Nov 6, 2020 PoC Published
- Sep 6, 2021 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2014-9862 third-party-advisory
- http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html third-party-advisory
- https://android.googlesource.com/platform/external/bsdiff/+/4d054795b673855e3a7556c6f2f7ab99ca509998 third-party-advisory
- https://bugs.chromium.org/p/chromium/issues/detail?id=372525 third-party-advisory
- https://chromium.googlesource.com/chromiumos/third_party/bsdiff/+/d0307d1711bd74e51b783a49f9160775aa22e659 third-party-advisory
- https://support.apple.com/HT206903 third-party-advisory
- https://ubuntu.com/security/notices/USN-4500-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2014-9862 third-party-advisory