Vulnerability CVE-2014-7204


Published: 2014-10-07   Modified: 2014-10-08

Description:
jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file.

Vendor: Debian
Product: Debian linux
Version: 7.0
Product: Exuberant ctags
Version: 5.8
Vendor: Mageia
Product: Mageia
Version: 4.0; 3.0
Vendor: Canonical
Product: Ubuntu linux
Version: 14.04; 12.04

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

 References:
http://advisories.mageia.org/MGASA-2014-0415.html
http://sourceforge.net/p/ctags/code/791/
http://www.debian.org/security/2014/dsa-3042
http://www.mandriva.com/security/advisories?name=MDVSA-2015:178
http://www.openwall.com/lists/oss-security/2014/09/29/40
http://www.ubuntu.com/usn/USN-2371-1
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742605


Copyright 2019, cxsecurity.com
