Lucene search

MitreCVE-2014-2262

HistoryMar 01, 2014 - 12:55 a.m.

CVE-2014-2262

2014-03-0100:55:05

CWE-119

mitre

web.nvd.nist.gov

buffer overflow

base sas

sas 9.2

sas 9.3

sas 9.4

remote code execution

cve-2014-2262

nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

Confidence

High

EPSS

0.081

Percentile

94.3%

JSON

Buffer overflow in the client application in Base SAS 9.2 TS2M3, SAS 9.3 TS1M1 and TS1M2, and SAS 9.4 TS1M0 allows user-assisted remote attackers to execute arbitrary code via a crafted SAS program.

Affected configurations

Nvd

Node

sasbase_sasMatch9.2ts2m

sasbase_sasMatch9.3ts1m1

sasbase_sasMatch9.3ts1m2

sasbase_sasMatch9.4ts1m0

VendorProductVersionCPE
sasbase_sas9.2cpe:2.3:a:sas:base_sas:9.2:ts2m:*:*:*:*:*:*
sasbase_sas9.3cpe:2.3:a:sas:base_sas:9.3:ts1m1:*:*:*:*:*:*
sasbase_sas9.3cpe:2.3:a:sas:base_sas:9.3:ts1m2:*:*:*:*:*:*
sasbase_sas9.4cpe:2.3:a:sas:base_sas:9.4:ts1m0:*:*:*:*:*:*

Vendor	Product	Version	CPE
sas	base_sas	9.2	cpe:2.3:a:sas:base_sas:9.2:ts2m::::::
sas	base_sas	9.3	cpe:2.3:a:sas:base_sas:9.3:ts1m1::::::
sas	base_sas	9.3	cpe:2.3:a:sas:base_sas:9.3:ts1m2::::::
sas	base_sas	9.4	cpe:2.3:a:sas:base_sas:9.4:ts1m0::::::

References

secunia.com/advisories/57029

support.sas.com/kb/51/701.html

www.securityfocus.com/archive/1/531283/100/0/threaded

www.securityfocus.com/bid/65853

www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140227-0_SAS_Buffer_overflow_v10.txt

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

Confidence

High

EPSS

0.081

Percentile

94.3%

JSON

Related for CVE-2014-2262