CVE-2014-5119

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.

References

http://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html

http://linux.oracle.com/errata/ELSA-2015-0092.html

http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00017.html

http://rhn.redhat.com/errata/RHSA-2014-1118.html

http://seclists.org/fulldisclosure/2014/Aug/69

http://secunia.com/advisories/60345

http://secunia.com/advisories/60358

http://secunia.com/advisories/60441

http://secunia.com/advisories/61074

http://secunia.com/advisories/61093

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-5119

http://www.debian.org/security/2014/dsa-3012

http://www.mandriva.com/security/advisories?name=MDVSA-2014:175

http://www.openwall.com/lists/oss-security/2014/07/14/1

http://www.openwall.com/lists/oss-security/2014/08/13/5

http://www.securityfocus.com/bid/68983

http://www.securityfocus.com/bid/69738

http://www-01.ibm.com/support/docview.wss?uid=swg21685604

https://code.google.com/p/google-security-research/issues/detail?id=96

https://rhn.redhat.com/errata/RHSA-2014-1110.html

https://security.gentoo.org/glsa/201602-02

https://sourceware.org/bugzilla/show_bug.cgi?id=17187

Details

Source: MITRE

Published: 2014-08-29

Updated: 2020-03-31

Type: CWE-189

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Tenable Plugins

View all (25 total)

IDNameProductFamilySeverity
88822GLSA-201602-02 : GNU C Library: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
83639SUSE SLES11 Security Update : glibc (SUSE-SU-2014:1129-1)NessusSuSE Local Security Checks
high
83638SUSE SLES10 Security Update : glibc (SUSE-SU-2014:1128-1)NessusSuSE Local Security Checks
high
83637SUSE SLES11 Security Update : glibc (SUSE-SU-2014:1122-1)NessusSuSE Local Security Checks
high
83634SUSE SLES10 Security Update : glibc (SUSE-SU-2014:1119-1)NessusSuSE Local Security Checks
high
82421Mandriva Linux Security Advisory : glibc (MDVSA-2015:168)NessusMandriva Local Security Checks
high
82190Debian DLA-43-1 : eglibc security updateNessusDebian Local Security Checks
high
81119OracleVM 2.2 : glibc (OVMSA-2015-0024) (GHOST)NessusOracleVM Local Security Checks
high
81118OracleVM 3.2 : glibc (OVMSA-2015-0023) (GHOST)NessusOracleVM Local Security Checks
high
79548OracleVM 3.3 : glibc (OVMSA-2014-0033)NessusOracleVM Local Security Checks
high
79539OracleVM 3.3 : glibc (OVMSA-2014-0017)NessusOracleVM Local Security Checks
high
79044RHEL 5 / 6 : glibc (RHSA-2014:1118)NessusRed Hat Local Security Checks
high
78656Slackware 14.1 / current : glibc (SSA:2014-296-01)NessusSlackware Local Security Checks
high
78583Fedora 19 : glibc-2.17-21.fc19 (2014-9830)NessusFedora Local Security Checks
high
78342Amazon Linux AMI : glibc (ALAS-2014-399)NessusAmazon Linux Local Security Checks
high
77673SuSE 11.3 Security Update : glibc (SAT Patch Number 9669)NessusSuSE Local Security Checks
high
77659openSUSE Security Update : glibc (openSUSE-SU-2014:1115-1)NessusSuSE Local Security Checks
high
77654Mandriva Linux Security Advisory : glibc (MDVSA-2014:175)NessusMandriva Local Security Checks
high
77465Scientific Linux Security Update : glibc on SL5.x, SL6.x i386/x86_64 (20140829)NessusScientific Linux Local Security Checks
high
77464RHEL 5 / 6 / 7 : glibc (RHSA-2014:1110)NessusRed Hat Local Security Checks
high
77463Oracle Linux 5 / 6 / 7 : glibc (ELSA-2014-1110)NessusOracle Linux Local Security Checks
high
77439CentOS 5 / 6 / 7 : glibc (CESA-2014:1110)NessusCentOS Local Security Checks
high
77436Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS : eglibc vulnerability (USN-2328-1)NessusUbuntu Local Security Checks
high
77430Fedora 20 : glibc-2.18-14.fc20 (2014-9824)NessusFedora Local Security Checks
high
77418Debian DSA-3012-1 : eglibc - security updateNessusDebian Local Security Checks
high