CVE-2014-9087

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2014-9087
Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://advisories.mageia.org/MGASA-2014-0498.html Third Party Advisory
http://lists.gnupg.org/pipermail/gnupg-announce/2014q4/000359.html Mailing List Vendor Advisory
http://secunia.com/advisories/60073 Third Party Advisory
http://secunia.com/advisories/60189 Third Party Advisory
http://secunia.com/advisories/60233 Third Party Advisory
http://www.debian.org/security/2014/dsa-3078 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2014:234 Not Applicable
http://www.mandriva.com/security/advisories?name=MDVSA-2015:151 Not Applicable
http://www.securityfocus.com/bid/71285 Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-2427-1 Patch Third Party Advisory
https://blog.fuzzing-project.org/2-Buffer-overflow-and-other-minor-issues-in-GnuPG-and-libksba-TFPA-0012014.html Third Party Advisory
http://advisories.mageia.org/MGASA-2014-0498.html Third Party Advisory
http://lists.gnupg.org/pipermail/gnupg-announce/2014q4/000359.html Mailing List Vendor Advisory
http://secunia.com/advisories/60073 Third Party Advisory
http://secunia.com/advisories/60189 Third Party Advisory
http://secunia.com/advisories/60233 Third Party Advisory
http://www.debian.org/security/2014/dsa-3078 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2014:234 Not Applicable
http://www.mandriva.com/security/advisories?name=MDVSA-2015:151 Not Applicable
http://www.securityfocus.com/bid/71285 Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-2427-1 Patch Third Party Advisory
https://blog.fuzzing-project.org/2-Buffer-overflow-and-other-minor-issues-in-GnuPG-and-libksba-TFPA-0012014.html Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:mageia:mageia:3.0:*:*:*:*:*:*:*
cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:gnupg:libksba:*:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:a:gnupg:gnupg:2.1.0:-:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:2.1.0:beta1:*:*:*:*:*:*
History

21 Nov 2024, 02:20

Type Values Removed Values Added
References () http://advisories.mageia.org/MGASA-2014-0498.html - Third Party Advisory () http://advisories.mageia.org/MGASA-2014-0498.html - Third Party Advisory
References () http://lists.gnupg.org/pipermail/gnupg-announce/2014q4/000359.html - Mailing List, Vendor Advisory () http://lists.gnupg.org/pipermail/gnupg-announce/2014q4/000359.html - Mailing List, Vendor Advisory
References () http://secunia.com/advisories/60073 - Third Party Advisory () http://secunia.com/advisories/60073 - Third Party Advisory
References () http://secunia.com/advisories/60189 - Third Party Advisory () http://secunia.com/advisories/60189 - Third Party Advisory
References () http://secunia.com/advisories/60233 - Third Party Advisory () http://secunia.com/advisories/60233 - Third Party Advisory
References () http://www.debian.org/security/2014/dsa-3078 - Third Party Advisory () http://www.debian.org/security/2014/dsa-3078 - Third Party Advisory
References () http://www.mandriva.com/security/advisories?name=MDVSA-2014:234 - Not Applicable () http://www.mandriva.com/security/advisories?name=MDVSA-2014:234 - Not Applicable
References () http://www.mandriva.com/security/advisories?name=MDVSA-2015:151 - Not Applicable () http://www.mandriva.com/security/advisories?name=MDVSA-2015:151 - Not Applicable
References () http://www.securityfocus.com/bid/71285 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/71285 - Third Party Advisory, VDB Entry
References () http://www.ubuntu.com/usn/USN-2427-1 - Patch, Third Party Advisory () http://www.ubuntu.com/usn/USN-2427-1 - Patch, Third Party Advisory
References () https://blog.fuzzing-project.org/2-Buffer-overflow-and-other-minor-issues-in-GnuPG-and-libksba-TFPA-0012014.html - Third Party Advisory () https://blog.fuzzing-project.org/2-Buffer-overflow-and-other-minor-issues-in-GnuPG-and-libksba-TFPA-0012014.html - Third Party Advisory
Information

Published : 2014-12-01 15:59

Updated : 2024-11-21 02:20

NVD link : CVE-2014-9087

Mitre link : CVE-2014-9087

CVE.ORG link : CVE-2014-9087

JSON object : View

Products Affected

gnupg

  • gnupg
  • libksba

canonical

  • ubuntu_linux

mageia

  • mageia

debian

  • debian_linux
CWE
CWE-191

Integer Underflow (Wrap or Wraparound)


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024