Lucene search

[email protected]CVE-2014-8611

HistorySep 18, 2015 - 10:59 a.m.

CVE-2014-8611

2015-09-1810:59:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2014-8611

libc

freebsd

kernel

apple ios

denial of service

buffer overflow

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

7.3 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.0%

JSON

The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and the kernel in Apple iOS before 9 mishandles failures of the write system call, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted application.

Affected configurations

NVD

Node

appleiphone_osRange≤8.4.1

Node

freebsdfreebsdMatch10.1

Node

applemac_os_xRange≤10.10.5

CPENameOperatorVersion
apple:iphone_osapple iphone osle8.4.1

CPE	Name	Operator	Version
apple:iphone_os	apple iphone os	le	8.4.1

References

lists.apple.com/archives/security-announce/2015/Sep/msg00001.html

lists.apple.com/archives/security-announce/2015/Sep/msg00008.html

support.apple.com/HT205212

support.apple.com/HT205267

svnweb.freebsd.org/base?view=revision&revision=275665

www.freebsd.org/security/advisories/FreeBSD-SA-14:27.stdio.asc

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

7.3 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.0%

JSON

Related for CVE-2014-8611

securityvulns6 nessus2 cvelist1 nvd1 freebsd1 freebsd_advisory1 prion1