CVE-2014-5119

Severity

75%

Complexity

99%

Confidentiality

106%

Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

First reported 10 years ago

2014-08-29 16:55:00

Last updated 4 years ago

2020-03-31 15:32:00

Affected Software

GNU glibc

Debian Linux 7.0

7.0

CVE-2014-5119

Severity

What is severity?

Complexity

What is complexity?

Confidentiality

What is confidentiality?

Overview

First reported 10 years ago

Last updated 4 years ago

Affected Software

GNU glibc

Debian Linux 7.0

References

http://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html

http://linux.oracle.com/errata/ELSA-2015-0092.html

SUSE-SU-2014:1125

RHSA-2014:1118

20140826 CVE-2014-5119 glibc __gconv_translit_find() exploit

60345

60358

60441

61074

61093

20140910 Cisco Unified Communications Manager glibc Arbitrary Code Execution Vulnerability

DSA-3012

MDVSA-2014:175

[oss-security] 20170713 glibc locale issues

[oss-security] 20170713 Re: [CVE Request] glibc iconv_open buffer overflow (was: Re: Re: glibc locale issues)

68983

69738

http://www-01.ibm.com/support/docview.wss?uid=swg21685604

https://code.google.com/p/google-security-research/issues/detail?id=96

RHSA-2014:1110

GLSA-201602-02

https://sourceware.org/bugzilla/show_bug.cgi?id=17187

Stay updated

Get in touch