Vulnerability details: VCID-crqb-xv8r-aaan
Vulnerability ID VCID-crqb-xv8r-aaan
Aliases CVE-2014-6040
Summary GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
generic_textual Low http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-6040.html
rhas Moderate https://access.redhat.com/errata/RHSA-2015:0016
rhas Moderate https://access.redhat.com/errata/RHSA-2015:0327
epss 0.01406 https://api.first.org/data/v1/epss?cve=CVE-2014-6040
epss 0.01497 https://api.first.org/data/v1/epss?cve=CVE-2014-6040
epss 0.07187 https://api.first.org/data/v1/epss?cve=CVE-2014-6040
epss 0.07802 https://api.first.org/data/v1/epss?cve=CVE-2014-6040
epss 0.20448 https://api.first.org/data/v1/epss?cve=CVE-2014-6040
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1135841
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6656
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6040
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7817
generic_textual High https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2014-6040
generic_textual Low https://sourceware.org/ml/libc-alpha/2014-08/msg00473.html
generic_textual Low https://ubuntu.com/security/notices/USN-2432-1
generic_textual Low http://www.openwall.com/lists/oss-security/2014/08/29/3
Reference id Reference type URL
http://linux.oracle.com/errata/ELSA-2015-0016.html
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-6040.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-6040.json
https://api.first.org/data/v1/epss?cve=CVE-2014-6040
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6656
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6040
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7817
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235
http://secunia.com/advisories/62100
http://secunia.com/advisories/62146
https://security.gentoo.org/glsa/201602-02
https://sourceware.org/bugzilla/show_bug.cgi?id=17325
https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=41488498b6
https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=41488498b6
https://sourceware.org/ml/libc-alpha/2014-08/msg00473.html
https://ubuntu.com/security/notices/USN-2432-1
http://ubuntu.com/usn/usn-2432-1
http://www.debian.org/security/2015/dsa-3142
http://www.mandriva.com/security/advisories?name=MDVSA-2014:175
http://www.openwall.com/lists/oss-security/2014/08/29/3
http://www.openwall.com/lists/oss-security/2014/09/02/1
http://www.securityfocus.com/bid/69472
1135841 https://bugzilla.redhat.com/show_bug.cgi?id=1135841
cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.11.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.11.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.11.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.11.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.11.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.11.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.12:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.12.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.12.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.12.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.12.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.13:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.14:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.14.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.14.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.15:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.16:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.17:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.17:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.18:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.18:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:*
CVE-2014-6040 https://nvd.nist.gov/vuln/detail/CVE-2014-6040
RHSA-2015:0016 https://access.redhat.com/errata/RHSA-2015:0016
RHSA-2015:0327 https://access.redhat.com/errata/RHSA-2015:0327
USN-2432-1 https://usn.ubuntu.com/2432-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2014-6040
Exploit Prediction Scoring System (EPSS)
Percentile 0.86164
EPSS Score 0.01406
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.