CVE-2014-0469

Stack-based buffer overflow in a certain Debian patch for xbuffy before 3.3.bl.3.dfsg-9 allows remote attackers to execute arbitrary code via the subject of an email, possibly related to indent subject lines.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://packages.qa.debian.org/x/xbuffy/news/20140427T181904Z.html
http://www.debian.org/security/2014/dsa-2921
http://www.openwall.com/lists/oss-security/2014/04/28/3
http://www.securityfocus.com/bid/67090
http://packages.qa.debian.org/x/xbuffy/news/20140427T181904Z.html
http://www.debian.org/security/2014/dsa-2921
http://www.openwall.com/lists/oss-security/2014/04/28/3
http://www.securityfocus.com/bid/67090

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:debian:xbuffy::::::::
	cpe:2.3:a:debian:xbuffy:3.2.1-1:::::::*
	cpe:2.3:a:debian:xbuffy:3.2.1-2:::::::*
	cpe:2.3:a:debian:xbuffy:3.2.1-3:::::::*
	cpe:2.3:a:debian:xbuffy:3.2.1-4:::::::*
	cpe:2.3:a:debian:xbuffy:3.3-1:::::::*
	cpe:2.3:a:debian:xbuffy:3.3.b1.3-4:::::::*
	cpe:2.3:a:debian:xbuffy:3.3.bl.2-1:::::::*
	cpe:2.3:a:debian:xbuffy:3.3.bl.3-1:::::::*
	cpe:2.3:a:debian:xbuffy:3.3.bl.3-2:::::::*
	cpe:2.3:a:debian:xbuffy:3.3.bl.3-3:::::::*
	cpe:2.3:a:debian:xbuffy:3.3.bl.3-5:::::::*
	cpe:2.3:a:debian:xbuffy:3.3.bl.3-6:::::::*
	cpe:2.3:a:debian:xbuffy:3.3.bl.3-7:::::::*
	cpe:2.3:a:debian:xbuffy:3.3.bl.3-8:::::::*
	cpe:2.3:a:debian:xbuffy:3.3.bl.3-9:::::::*
	cpe:2.3:a:debian:xbuffy:3.3.bl.3-10:::::::*
	cpe:2.3:a:debian:xbuffy:3.3.bl.3-11:::::::*
	cpe:2.3:a:debian:xbuffy:3.3.bl.3-12:::::::*
	cpe:2.3:a:debian:xbuffy:3.3.bl.3-13:::::::*
	cpe:2.3:a:debian:xbuffy:3.3.bl.3-14:::::::*
	cpe:2.3:a:debian:xbuffy:3.3.bl.3-15:::::::*
	cpe:2.3:a:debian:xbuffy:3.3.bl.3-16:::::::*
	cpe:2.3:a:debian:xbuffy:3.3.bl.3-17:::::::*
	cpe:2.3:a:debian:xbuffy:3.3.bl.3-18:::::::*
	cpe:2.3:a:debian:xbuffy:3.3.bl.3-19:::::::*
	cpe:2.3:a:debian:xbuffy:3.3.bl.3-20:::::::*
	cpe:2.3:a:debian:xbuffy:3.3.bl.3-21:::::::*
	cpe:2.3:a:debian:xbuffy:3.3.bl.3-22:::::::*
	cpe:2.3:a:debian:xbuffy:3.3.bl.3-23:::::::*
	cpe:2.3:a:debian:xbuffy:3.3.bl.3-24:::::::*
	cpe:2.3:a:debian:xbuffy:3.3.bl.3-25:::::::*
	cpe:2.3:a:debian:xbuffy:3.3.bl.3.dfsg-1:::::::*
	cpe:2.3:a:debian:xbuffy:3.3.bl.3.dfsg-2:::::::*
	cpe:2.3:a:debian:xbuffy:3.3.bl.3.dfsg-3:::::::*
	cpe:2.3:a:debian:xbuffy:3.3.bl.3.dfsg-4:::::::*
	cpe:2.3:a:debian:xbuffy:3.3.bl.3.dfsg-5:::::::*
	cpe:2.3:a:debian:xbuffy:3.3.bl.3.dfsg-6:::::::*
	cpe:2.3:a:debian:xbuffy:3.3.bl.3.dfsg-7:::::::*

History

21 Nov 2024, 02:02

Type	Values Removed	Values Added
References	~~() http://packages.qa.debian.org/x/xbuffy/news/20140427T181904Z.html -~~	() http://packages.qa.debian.org/x/xbuffy/news/20140427T181904Z.html -
References	~~() http://www.debian.org/security/2014/dsa-2921 -~~	() http://www.debian.org/security/2014/dsa-2921 -
References	~~() http://www.openwall.com/lists/oss-security/2014/04/28/3 -~~	() http://www.openwall.com/lists/oss-security/2014/04/28/3 -
References	~~() http://www.securityfocus.com/bid/67090 -~~	() http://www.securityfocus.com/bid/67090 -

Information

Published : 2014-05-05 16:07

Updated : 2025-04-12 10:46

NVD link : CVE-2014-0469

Mitre link : CVE-2014-0469

CVE.ORG link : CVE-2014-0469

JSON object : View

Products Affected

debian

xbuffy

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2014-0469", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-05-05T16:07:05.643", "references": [{"url": "http://packages.qa.debian.org/x/xbuffy/news/20140427T181904Z.html", "source": "security@debian.org"}, {"url": "http://www.debian.org/security/2014/dsa-2921", "source": "security@debian.org"}, {"url": "http://www.openwall.com/lists/oss-security/2014/04/28/3", "source": "security@debian.org"}, {"url": "http://www.securityfocus.com/bid/67090", "source": "security@debian.org"}, {"url": "http://packages.qa.debian.org/x/xbuffy/news/20140427T181904Z.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2014/dsa-2921", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2014/04/28/3", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/67090", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in a certain Debian patch for xbuffy before 3.3.bl.3.dfsg-9 allows remote attackers to execute arbitrary code via the subject of an email, possibly related to indent subject lines."}, {"lang": "es", "value": "Desbordamiento de buffer basado en memoria din\u00e1mica en cierto parche de Debian para xbuffy anterior a 3.3.bl.3.dfsg-9 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s del asunto de un email, posiblemente relacionado con l\u00edneas de asunto indentadas."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:debian:xbuffy:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "412E8DE0-C1B5-4CFC-AE24-E688612A061D", "versionEndIncluding": "3.3.bl.3.dfsg-8"}, {"criteria": "cpe:2.3:a:debian:xbuffy:3.2.1-1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1CA3664-75F7-4E4C-B2F8-875478387785"}, {"criteria": "cpe:2.3:a:debian:xbuffy:3.2.1-2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64A7EC99-FF68-4A3F-AD2A-91AD784670AC"}, {"criteria": "cpe:2.3:a:debian:xbuffy:3.2.1-3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "60DD3DD9-9A31-4FA5-8F1A-150D0D4AA248"}, {"criteria": "cpe:2.3:a:debian:xbuffy:3.2.1-4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1147D805-7263-4CA9-A038-1AFC0EFBA920"}, {"criteria": "cpe:2.3:a:debian:xbuffy:3.3-1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA09EDDB-583F-47E7-9347-CD47F11782B5"}, {"criteria": "cpe:2.3:a:debian:xbuffy:3.3.b1.3-4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4747ADC8-D18C-42E0-8902-AFBD7A2736CA"}, {"criteria": "cpe:2.3:a:debian:xbuffy:3.3.bl.2-1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F95E24FD-3B66-4503-B6F1-A0C23040E94C"}, {"criteria": "cpe:2.3:a:debian:xbuffy:3.3.bl.3-1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29C3F923-4148-4720-A814-2D575DF7530E"}, {"criteria": "cpe:2.3:a:debian:xbuffy:3.3.bl.3-2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87716368-72E7-489C-8321-360D7A438057"}, {"criteria": "cpe:2.3:a:debian:xbuffy:3.3.bl.3-3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52EC4CB7-2440-4393-8258-A60EB9887193"}, {"criteria": "cpe:2.3:a:debian:xbuffy:3.3.bl.3-5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "728D4DC0-96AE-4F05-BACD-8602562A3BD2"}, {"criteria": "cpe:2.3:a:debian:xbuffy:3.3.bl.3-6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01173B26-1140-4E74-BAF1-8007C2E3D601"}, {"criteria": "cpe:2.3:a:debian:xbuffy:3.3.bl.3-7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8A01773-2E6D-4AB6-B28B-CDCBDD0DC785"}, {"criteria": "cpe:2.3:a:debian:xbuffy:3.3.bl.3-8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "978BB5A7-9A3B-437A-840C-9A71D28D48BC"}, {"criteria": "cpe:2.3:a:debian:xbuffy:3.3.bl.3-9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "948685B1-FDE4-4D39-8659-95B7A2E00FEF"}, {"criteria": "cpe:2.3:a:debian:xbuffy:3.3.bl.3-10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1579A6EB-D410-4FCE-9FAC-1678E79B4131"}, {"criteria": "cpe:2.3:a:debian:xbuffy:3.3.bl.3-11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8F9C249-AAE0-4120-9659-88B317E9D4F8"}, {"criteria": "cpe:2.3:a:debian:xbuffy:3.3.bl.3-12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9690A49E-0DE2-4C54-8EC2-6EFF42DA38EA"}, {"criteria": "cpe:2.3:a:debian:xbuffy:3.3.bl.3-13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39915986-E4C2-428A-A744-B14FF1C44EE6"}, {"criteria": "cpe:2.3:a:debian:xbuffy:3.3.bl.3-14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84DB8FB9-E76D-4227-B605-A550CE9E267D"}, {"criteria": "cpe:2.3:a:debian:xbuffy:3.3.bl.3-15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8467FB1-D9E3-4876-B761-1807A9D09105"}, {"criteria": "cpe:2.3:a:debian:xbuffy:3.3.bl.3-16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "287FBB30-C168-417E-8FE2-1746F6FF86D3"}, {"criteria": "cpe:2.3:a:debian:xbuffy:3.3.bl.3-17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A2F2908-CE8A-414F-8BE2-F8BDE441D885"}, {"criteria": "cpe:2.3:a:debian:xbuffy:3.3.bl.3-18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA3FA0A0-33FA-409F-AD61-1C7DBC7642C9"}, {"criteria": "cpe:2.3:a:debian:xbuffy:3.3.bl.3-19:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4FA2C9E4-374D-446D-808D-F81A93F95A7E"}, {"criteria": "cpe:2.3:a:debian:xbuffy:3.3.bl.3-20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B59715B-062E-4063-9EC2-60ED4B720022"}, {"criteria": "cpe:2.3:a:debian:xbuffy:3.3.bl.3-21:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35FD599C-54A8-4C55-8766-46CBC9664D55"}, {"criteria": "cpe:2.3:a:debian:xbuffy:3.3.bl.3-22:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5DD384DC-B481-4D14-8477-397CDBB31685"}, {"criteria": "cpe:2.3:a:debian:xbuffy:3.3.bl.3-23:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "133D06C5-C2C6-493A-8FA8-F3CC5A3C7281"}, {"criteria": "cpe:2.3:a:debian:xbuffy:3.3.bl.3-24:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD7EE546-0B41-494C-B8A3-A3AEF3C3F230"}, {"criteria": "cpe:2.3:a:debian:xbuffy:3.3.bl.3-25:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27B654EF-5102-4BA2-B389-6A18B11ED512"}, {"criteria": "cpe:2.3:a:debian:xbuffy:3.3.bl.3.dfsg-1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4681EC42-F45B-48BB-9A7C-C57DDDDB68AB"}, {"criteria": "cpe:2.3:a:debian:xbuffy:3.3.bl.3.dfsg-2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19681C27-8F75-49BF-AD23-E73315C6C9DE"}, {"criteria": "cpe:2.3:a:debian:xbuffy:3.3.bl.3.dfsg-3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B53C79ED-A3A3-46D2-95F5-B8C3BC8F6C23"}, {"criteria": "cpe:2.3:a:debian:xbuffy:3.3.bl.3.dfsg-4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21BE43A0-3E69-4A6D-8A36-C0A8F7AAE83F"}, {"criteria": "cpe:2.3:a:debian:xbuffy:3.3.bl.3.dfsg-5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7DC38F67-031E-4FF1-A6D1-816FDB26D19C"}, {"criteria": "cpe:2.3:a:debian:xbuffy:3.3.bl.3.dfsg-6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5BE544A-DC61-4B73-8D99-B4F0677314F7"}, {"criteria": "cpe:2.3:a:debian:xbuffy:3.3.bl.3.dfsg-7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C04C637A-BA5D-46EB-BCED-5C11ADD93786"}], "operator": "OR"}]}], "sourceIdentifier": "security@debian.org"}

6.8 /10