Vulnerability Details : CVE-2014-2892
Heap-based buffer overflow in the get_answer function in mmsh.c in libmms before 0.6.4 allows remote attackers to execute arbitrary code via a long line in an MMS over HTTP (MMSH) server response.
Vulnerability category: OverflowExecute code
Products affected by CVE-2014-2892
- cpe:2.3:a:libmms_project:libmms:*:*:*:*:*:*:*:*
- cpe:2.3:a:libmms_project:libmms:0.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:libmms_project:libmms:0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:libmms_project:libmms:0.6:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-2892
26.53%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 97 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-2892
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2014-2892
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-2892
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/92640
libmms get_answer() buffer overflow CVE-2014-2892 Vulnerability Report
-
http://sourceforge.net/p/libmms/code/ci/03bcfccc22919c72742b7338d02859962861e0e8
libmms / Code / Commit [03bcfc]Exploit;Patch
-
http://sourceforge.net/p/libmms/code/ci/master/tree/ChangeLog
libmms / Code / [a9f692] /ChangeLog
-
http://www.debian.org/security/2014/dsa-2916
Debian -- Security Information -- DSA-2916-1 libmms
-
https://security.gentoo.org/glsa/201612-29
libmms: Remote execution of arbitrary code (GLSA 201612-29) — Gentoo security
-
http://www.securityfocus.com/bid/66933
libmms MMSH Server Response Heap-Based Buffer Overflow Vulnerability
-
http://www.openwall.com/lists/oss-security/2014/04/18/14
oss-security - Re: libmms heap-based buffer overflow fixPatch
-
http://lists.opensuse.org/opensuse-updates/2014-05/msg00001.html
openSUSE-SU-2014:0590-1: moderate: update for libmms
Jump to