CVE-2014-3775 : libgadu before 1.11.4 and 1.12.0 before 1.12.0-rc3, as used in Pidgin and other

libgadu before 1.11.4 and 1.12.0 before 1.12.0-rc3, as used in Pidgin and other products, allows remote Gadu-Gadu file relay servers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted message.

Published 2014-05-22 11:14:16

Updated 2016-12-22 02:59:16

Source MITRE

View at NVD, CVE.org

Vulnerability category: Input validationExecute codeDenial of service

Products affected by CVE-2014-3775

Libgadu » Libgadu
Versions up to, including, (<=) 1.11.4
cpe:2.3:a:libgadu:libgadu:*:*:*:*:*:*:*:*
Matching versions
Libgadu » Libgadu » Version: 1.12.0 Update RC1
cpe:2.3:a:libgadu:libgadu:1.12.0:rc1:*:*:*:*:*:*
Matching versions
Libgadu » Libgadu » Version: 1.12.0 Update RC3
cpe:2.3:a:libgadu:libgadu:1.12.0:rc3:*:*:*:*:*:*
Matching versions
Libgadu » Libgadu » Version: 1.12.0 Update RC2
cpe:2.3:a:libgadu:libgadu:1.12.0:rc2:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2014-3775

EPSS FAQ

2.13%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 88 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-3775

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2014-3775

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-3775

https://bugzilla.redhat.com/show_bug.cgi?id=1099776

1099776 – (CVE-2014-3775) CVE-2014-3775 libgadu: server response memory corruption issue
https://security.gentoo.org/glsa/201508-02

libgadu: Multiple vulnerabilities (GLSA 201508-02) — Gentoo security

CVEs referencing this url
http://www.securityfocus.com/bid/67471

libgadu CVE-2014-3775 Memory Corruption Vulnerability
http://www.ubuntu.com/usn/USN-2215-1

USN-2215-1: libgadu vulnerability | Ubuntu security notices
http://www.debian.org/security/2014/dsa-2935

Debian -- Security Information -- DSA-2935-1 libgadu
http://lists.ziew.org/pipermail/libgadu-devel/2014-May/001180.html
http://www.openwall.com/lists/oss-security/2014/05/19/3

oss-security - Re: libgadu vulnerability: possible memory corruption
http://lists.ziew.org/pipermail/libgadu-devel/2014-May/001171.html
http://www.ubuntu.com/usn/USN-2216-1

USN-2216-1: Pidgin vulnerability | Ubuntu security notices

Jump to

Vulnerability Details : CVE-2014-3775

Products affected by CVE-2014-3775

Exploit prediction scoring system (EPSS) score for CVE-2014-3775

CVSS scores for CVE-2014-3775

CWE ids for CVE-2014-3775

References for CVE-2014-3775