Skip to main content

Fedora CVE-2014-9637

MEDIUM
Resource Management Errors (CWE-399)
2017-08-25 secalert@redhat.com
5.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Aug 25, 2017 - 18:29 cve.org
MEDIUM 5.5

DescriptionCVE.org

GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file.

AnalysisAI

GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-399. GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file. Affected products include: Fedoraproject Fedora, Mageia, Canonical Ubuntu Linux, Gnu Patch.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Mageia

View all
CVE-2014-9274 HIGH POC
7.5 Dec 09

UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated b

CVE-2014-5461 MEDIUM POC
5.0 Sep 04

Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attacker

CVE-2014-9116 MEDIUM POC
5.0 Dec 02

The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, w

CVE-2014-7204 MEDIUM POC
5.0 Oct 07

jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk co

CVE-2014-9087 HIGH
7.5 Dec 01

Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to

CVE-2014-8117 MEDIUM
5.0 Dec 17

softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of se

CVE-2014-8116 MEDIUM
5.0 Dec 17

The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or

CVE-2013-4159 HIGH
7.5 Aug 06

ctdb before 2.3 in OpenSUSE 12.3 and 13.1 does not create temporary files securely, which has unspecified impact related

CVE-2014-9037 MEDIUM
6.8 Nov 25

WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obt

CVE-2014-8104 MEDIUM
6.8 Dec 03

OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause

CVE-2014-3429 MEDIUM
6.8 Aug 07

IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote att

CVE-2015-2296 MEDIUM
6.8 Mar 18

The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session

Share

CVE-2014-9637 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy