Lucene search

K

[email protected]NVD:CVE-2014-8611

HistorySep 18, 2015 - 10:59 a.m.

CVE-2014-8611

2015-09-1810:59:00

CWE-119

[email protected]

web.nvd.nist.gov

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.0%

The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and the kernel in Apple iOS before 9 mishandles failures of the write system call, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted application.

Affected configurations

NVD

Node

appleiphone_osRange≤8.4.1

Node

freebsdfreebsdMatch10.1

Node

applemac_os_xRange≤10.10.5

References

lists.apple.com/archives/security-announce/2015/Sep/msg00001.html

lists.apple.com/archives/security-announce/2015/Sep/msg00008.html

support.apple.com/HT205212

support.apple.com/HT205267

svnweb.freebsd.org/base?view=revision&revision=275665

www.freebsd.org/security/advisories/FreeBSD-SA-14:27.stdio.asc

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.0%

Related for NVD:CVE-2014-8611

freebsd_advisory1 nessus2 cve1 securityvulns6 cvelist1 freebsd1 prion1