CVE-2014-0004

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2014-0004
Stack-based buffer overflow in udisks before 1.0.5 and 2.x before 2.1.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long mount point.

6.9 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://lists.freedesktop.org/archives/devkit-devel/2014-March/001568.html Patch
http://lists.opensuse.org/opensuse-updates/2014-03/msg00051.html
http://lists.opensuse.org/opensuse-updates/2014-03/msg00052.html
http://lists.opensuse.org/opensuse-updates/2014-03/msg00053.html
http://rhn.redhat.com/errata/RHSA-2014-0293.html
http://www.debian.org/security/2014/dsa-2872
http://www.securityfocus.com/bid/66081
http://www.ubuntu.com/usn/USN-2142-1
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:freedesktop:udisks:*:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:udisks:1.0:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:udisks:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:udisks:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:udisks:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:udisks:2.0.90:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:udisks:2.0.91:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:udisks:2.0.92:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:udisks:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:udisks:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:udisks:2.1.2:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*
History

13 Feb 2023, 00:29

Type Values Removed Values Added
Summary CVE-2014-0004 udisks and udisks2: stack-based buffer overflow when handling long path names Stack-based buffer overflow in udisks before 1.0.5 and 2.x before 2.1.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long mount point.
References
  • {'url': 'https://bugzilla.redhat.com/show_bug.cgi?id=1049703', 'name': 'https://bugzilla.redhat.com/show_bug.cgi?id=1049703', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2014:0293', 'name': 'https://access.redhat.com/errata/RHSA-2014:0293', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/security/cve/CVE-2014-0004', 'name': 'https://access.redhat.com/security/cve/CVE-2014-0004', 'tags': [], 'refsource': 'MISC'}

02 Feb 2023, 20:15

Type Values Removed Values Added
References
  • (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1049703 -
  • (MISC) https://access.redhat.com/errata/RHSA-2014:0293 -
  • (MISC) https://access.redhat.com/security/cve/CVE-2014-0004 -
Summary Stack-based buffer overflow in udisks before 1.0.5 and 2.x before 2.1.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long mount point. CVE-2014-0004 udisks and udisks2: stack-based buffer overflow when handling long path names
Information

Published : 2014-03-11 19:37

Updated : 2023-12-10 11:31

NVD link : CVE-2014-0004

Mitre link : CVE-2014-0004

CVE.ORG link : CVE-2014-0004

JSON object : View

Products Affected

freedesktop

  • udisks

canonical

  • ubuntu_linux
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer