var-201604-0652
Vulnerability from variot

Buffer overflow in the main_get_appheader function in xdelta3-main.h in xdelta3 before 3.0.9 allows remote attackers to execute arbitrary code via a crafted input file. xdelta is a set of command line programs developed by software developer Joshua MacDonald for handling incremental encoding (not complete storage or transmission of data). xdelta3 is an enhanced version of xdelta.

Ubuntu Security Notice USN-2901-1
February 17, 2016

xdelta3 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 15.10
  • Ubuntu 14.04 LTS

Summary:

xdelta3 could be made to crash or run programs if it opened a specially crafted file.

Software Description:

  • xdelta3: Diff utility which works with binary files

Details:

It was discovered that xdelta3 incorrectly handled certain files.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.10: xdelta3 3.0.8-dfsg-1ubuntu0.15.10.2

Ubuntu 14.04 LTS: xdelta3 3.0.7-dfsg-2ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:

  • http://www.ubuntu.com/usn/usn-2901-1
  • CVE-2014-9765

Package Information:

  • https://launchpad.net/ubuntu/+source/xdelta3/3.0.8-dfsg-1ubuntu0.15.10.2
  • https://launchpad.net/ubuntu/+source/xdelta3/3.0.7-dfsg-2ubuntu0.2

Background

Xdelta is a C library and command-line tool for delta compression using VCDIFF/RFC 3284 streams.

Impact

A remote attacker could coerce the victim to run xdelta against a malicious input file. This may be leveraged by an attacker to crash xdelta and gain control of program execution.

Workaround

There is no known workaround at this time.

Resolution

All xdelta users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-util/xdelta-3.0.10"

References

[ 1 ] CVE-2014-9765 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9765

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201701-40

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


For the oldstable distribution (wheezy), this problem has been fixed in version 3.0.0.dfsg-1+deb7u1.

For the stable distribution (jessie), this problem has been fixed in version 3.0.8-dfsg-1+deb8u1.

For the testing distribution (stretch), this problem has been fixed in version 3.0.8-dfsg-1.1.

For the unstable distribution (sid), this problem has been fixed in version 3.0.8-dfsg-1.1.

We recommend that you upgrade your xdelta3 packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201604-0652",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "opensuse",
        "version": "13.1"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "opensuse",
        "version": "13.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "xdelta3",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "xdelta",
        "version": "3.0.8"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "7.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "15.10"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "14.04"
      },
      {
        "model": "ubuntu",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "canonical",
        "version": "14.04 lts"
      },
      {
        "model": "ubuntu",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "canonical",
        "version": "15.10"
      },
      {
        "model": "gnu/linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "debian",
        "version": "7.0"
      },
      {
        "model": "gnu/linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "xdelta3",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "xdelta",
        "version": "3.0.9"
      },
      {
        "model": "xdelta3",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "xdelta3",
        "version": "3.0.9"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "novell",
        "version": "13.1"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "novell",
        "version": "13.2"
      },
      {
        "model": "xdelta3",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "xdelta",
        "version": "3.0.8"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-02491"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008162"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9765"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-343"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:xdelta:xdelta3:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.0.8",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-9765"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Stepan Golosunov",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-343"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2014-9765",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2014-9765",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2016-02491",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2014-9765",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-9765",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-02491",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201602-343",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-02491"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008162"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9765"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-343"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow in the main_get_appheader function in xdelta3-main.h in xdelta3 before 3.0.9 allows remote attackers to execute arbitrary code via a crafted input file. xdelta is a set of command line programs developed by software developer Joshua MacDonald for handling incremental encoding (not complete storage or transmission of data). xdelta3 is an enhanced version of xdelta. ============================================================================\nUbuntu Security Notice USN-2901-1\nFebruary 17, 2016\n\nxdelta3 vulnerability\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n- Ubuntu 14.04 LTS\n\nSummary:\n\nxdelta3 could be made to crash or run programs if it opened a specially\ncrafted file. \n\nSoftware Description:\n- xdelta3: Diff utility which works with binary files\n\nDetails:\n\nIt was discovered that xdelta3 incorrectly handled certain files. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n  xdelta3                         3.0.8-dfsg-1ubuntu0.15.10.2\n\nUbuntu 14.04 LTS:\n  xdelta3                         3.0.7-dfsg-2ubuntu0.2\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n  http://www.ubuntu.com/usn/usn-2901-1\n  CVE-2014-9765\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/xdelta3/3.0.8-dfsg-1ubuntu0.15.10.2\n  https://launchpad.net/ubuntu/+source/xdelta3/3.0.7-dfsg-2ubuntu0.2\n. \n\nBackground\n==========\n\nXdelta is a C library and command-line tool for delta compression using\nVCDIFF/RFC 3284 streams. \n\nImpact\n======\n\nA remote attacker could coerce the victim to run xdelta against a\nmalicious input file. This may be leveraged by an attacker to crash\nxdelta and gain control of program execution. 
\n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll xdelta users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-util/xdelta-3.0.10\"\n\nReferences\n==========\n\n[ 1 ] CVE-2014-9765\n      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9765\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201701-40\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2017 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. \n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 3.0.0.dfsg-1+deb7u1. \n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 3.0.8-dfsg-1+deb8u1. \n\nFor the testing distribution (stretch), this problem has been fixed\nin version 3.0.8-dfsg-1.1. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.0.8-dfsg-1.1. \n\nWe recommend that you upgrade your xdelta3 packages. 
\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-9765"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008162"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-02491"
      },
      {
        "db": "PACKETSTORM",
        "id": "135812"
      },
      {
        "db": "PACKETSTORM",
        "id": "140543"
      },
      {
        "db": "PACKETSTORM",
        "id": "135855"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-9765",
        "trust": 3.3
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2016/02/08/1",
        "trust": 2.2
      },
      {
        "db": "BID",
        "id": "83109",
        "trust": 1.6
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2016/02/08/2",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008162",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-02491",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-343",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "135812",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140543",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "135855",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-02491"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008162"
      },
      {
        "db": "PACKETSTORM",
        "id": "135812"
      },
      {
        "db": "PACKETSTORM",
        "id": "140543"
      },
      {
        "db": "PACKETSTORM",
        "id": "135855"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9765"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-343"
      }
    ]
  },
  "id": "VAR-201604-0652",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-02491"
      }
    ],
    "trust": 1.225
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-02491"
      }
    ]
  },
  "last_update_date": "2023-12-18T14:05:57.568000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "DSA-3484",
        "trust": 0.8,
        "url": "https://www.debian.org/security/2016/dsa-3484"
      },
      {
        "title": "Add appheader tests; fix buffer overflow in main_get_appheader",
        "trust": 0.8,
        "url": "https://github.com/jmacd/xdelta-gpl/commit/ef93ff74203e030073b898c05e8b4860b5d09ef2"
      },
      {
        "title": "openSUSE-SU-2016:0530",
        "trust": 0.8,
        "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00131.html"
      },
      {
        "title": "openSUSE-SU-2016:0524",
        "trust": 0.8,
        "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00125.html"
      },
      {
        "title": "USN-2901-1",
        "trust": 0.8,
        "url": "http://www.ubuntu.com/usn/usn-2901-1/"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://xdelta.org/"
      },
      {
        "title": "Patch for xdelta3 buffer overflow vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/74608"
      },
      {
        "title": "xdelta3 Fixes for local buffer overflow vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=60264"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-02491"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008162"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-343"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008162"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9765"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00125.html"
      },
      {
        "trust": 2.2,
        "url": "http://www.debian.org/security/2016/dsa-3484"
      },
      {
        "trust": 2.2,
        "url": "http://www.openwall.com/lists/oss-security/2016/02/08/1"
      },
      {
        "trust": 1.7,
        "url": "http://www.ubuntu.com/usn/usn-2901-1"
      },
      {
        "trust": 1.6,
        "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00131.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.openwall.com/lists/oss-security/2016/02/08/2"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/83109"
      },
      {
        "trust": 1.6,
        "url": "https://github.com/jmacd/xdelta-devel/commit/ef93ff74203e030073b898c05e8b4860b5d09ef2"
      },
      {
        "trust": 1.1,
        "url": "https://security.gentoo.org/glsa/201701-40"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9765"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9765"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9765"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/xdelta3/3.0.8-dfsg-1ubuntu0.15.10.2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/xdelta3/3.0.7-dfsg-2ubuntu0.2"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-02491"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008162"
      },
      {
        "db": "PACKETSTORM",
        "id": "135812"
      },
      {
        "db": "PACKETSTORM",
        "id": "140543"
      },
      {
        "db": "PACKETSTORM",
        "id": "135855"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9765"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-343"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-02491"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008162"
      },
      {
        "db": "PACKETSTORM",
        "id": "135812"
      },
      {
        "db": "PACKETSTORM",
        "id": "140543"
      },
      {
        "db": "PACKETSTORM",
        "id": "135855"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9765"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-343"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-04-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-02491"
      },
      {
        "date": "2016-04-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-008162"
      },
      {
        "date": "2016-02-17T23:53:53",
        "db": "PACKETSTORM",
        "id": "135812"
      },
      {
        "date": "2017-01-17T15:34:36",
        "db": "PACKETSTORM",
        "id": "140543"
      },
      {
        "date": "2016-02-19T22:55:00",
        "db": "PACKETSTORM",
        "id": "135855"
      },
      {
        "date": "2016-04-19T21:59:01.100000",
        "db": "NVD",
        "id": "CVE-2014-9765"
      },
      {
        "date": "2016-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201602-343"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-04-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-02491"
      },
      {
        "date": "2016-04-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-008162"
      },
      {
        "date": "2018-10-30T16:27:35.843000",
        "db": "NVD",
        "id": "CVE-2014-9765"
      },
      {
        "date": "2016-04-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201602-343"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "135812"
      },
      {
        "db": "PACKETSTORM",
        "id": "140543"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-343"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xdelta3 buffer overflow vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-02491"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-343"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-343"
      }
    ],
    "trust": 0.6
  }
}

