Search for vulnerabilities
Vulnerability details: VCID-5vtf-562w-aaam
Vulnerability ID VCID-5vtf-562w-aaam
Aliases CVE-2014-5119
Summary Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-189 Numeric Errors
CWE-193 Off-by-one Error
CWE-626 Null Byte Interaction Error (Poison Null Byte)
CWE-122 Heap-based Buffer Overflow
System Score Found at
generic_textual High http://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html
generic_textual High http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-5119.html
rhas Important https://access.redhat.com/errata/RHSA-2014:1110
rhas Important https://access.redhat.com/errata/RHSA-2014:1118
epss 0.01087 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.01087 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.01087 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.01087 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.01159 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.01159 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.01159 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.01159 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.01159 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.01159 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.01159 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.01159 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.01159 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.01159 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.1342 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.1342 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.1342 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.1342 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.1342 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.1342 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.1342 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.1342 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.1342 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.1342 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.1342 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.1342 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.1342 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.1342 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.1342 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.1342 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.1342 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.1342 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.1342 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.1342 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.1342 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.13512 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.13512 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.13512 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.13512 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.13512 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.13512 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.13512 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.13512 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.13512 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.13512 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.13512 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.13512 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.13512 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.13512 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.13512 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.13512 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.13512 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.13512 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.13512 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.13512 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.13512 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.13512 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.13512 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.13512 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.13512 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.13512 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.13512 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.13512 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.13512 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.13512 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
epss 0.21988 https://api.first.org/data/v1/epss?cve=CVE-2014-5119
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=1119128
generic_textual High https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5119
generic_textual High http://seclists.org/oss-sec/2014/q3/145
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2014-5119
generic_textual High https://ubuntu.com/security/notices/USN-2328-1
generic_textual High http://www.openwall.com/lists/oss-security/2014/07/14/2
generic_textual High http://www.openwall.com/lists/oss-security/2014/08/13/5
generic_textual High http://www.openwall.com/lists/oss-security/2014/08/26/2
Reference id Reference type URL
http://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html
http://linux.oracle.com/errata/ELSA-2015-0092.html
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00017.html
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-5119.html
http://rhn.redhat.com/errata/RHSA-2014-1118.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5119.json
https://api.first.org/data/v1/epss?cve=CVE-2014-5119
https://code.google.com/p/google-security-research/issues/detail?id=96
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5119
http://seclists.org/fulldisclosure/2014/Aug/69
http://seclists.org/oss-sec/2014/q3/145
http://secunia.com/advisories/60345
http://secunia.com/advisories/60358
http://secunia.com/advisories/60441
http://secunia.com/advisories/61074
http://secunia.com/advisories/61093
https://rhn.redhat.com/errata/RHSA-2014-1110.html
https://security.gentoo.org/glsa/201602-02
https://sourceware.org/bugzilla/show_bug.cgi?id=17187
https://ubuntu.com/security/notices/USN-2328-1
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-5119
http://www-01.ibm.com/support/docview.wss?uid=swg21685604
http://www.debian.org/security/2014/dsa-3012
http://www.mandriva.com/security/advisories?name=MDVSA-2014:175
http://www.openwall.com/lists/oss-security/2014/07/14/1
http://www.openwall.com/lists/oss-security/2014/07/14/2
http://www.openwall.com/lists/oss-security/2014/08/13/5
http://www.openwall.com/lists/oss-security/2014/08/26/2
http://www.securityfocus.com/bid/68983
http://www.securityfocus.com/bid/69738
1119128 https://bugzilla.redhat.com/show_bug.cgi?id=1119128
cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
CVE-2014-5119 https://nvd.nist.gov/vuln/detail/CVE-2014-5119
CVE-2014-5119;OSVDB-109188 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/34421.c
RHSA-2014:1110 https://access.redhat.com/errata/RHSA-2014:1110
RHSA-2014:1118 https://access.redhat.com/errata/RHSA-2014:1118
USN-2328-1 https://usn.ubuntu.com/2328-1/
Data source Exploit-DB
Date added Aug. 27, 2014
Description glibc - NUL Byte gconv_translit_find Off-by-One
Ransomware campaign use Known
Source publication date Aug. 27, 2014
Exploit type local
Platform linux
Source update date Aug. 27, 2014
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2014-5119
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.84106
EPSS Score 0.01087
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.