CVE-2014-3564

Published Oct 20, 2014

Last updated 3 months ago

CVSS info 6.8

Overview

Description: Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to "different line lengths in a specific order."
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-119

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:gnu:gpgme:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1D7C5000-AFB7-4370-ADE9-FC9A141F52A5",
            "versionEndIncluding": "1.5.0"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7118F616-25CA-4E34-AA13-4D14BB62419F"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References