Search for vulnerabilities
Vulnerability details: VCID-qyhs-abea-aaab
Vulnerability ID VCID-qyhs-abea-aaab
Aliases CVE-2014-8964
Summary Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.
Status Published
Exploitability 0.5
Weighted Severity 5.2
Risk 2.6
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
System Score Found at
generic_textual Low http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-8964.html
rhas Low https://access.redhat.com/errata/RHSA-2015:0330
epss 0.02446 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.02446 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.02446 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.02446 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.02446 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.02446 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.02446 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.02446 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.02446 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.02446 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.02446 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.02942 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.02942 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.02942 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.02942 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.02942 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.02942 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.02942 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.02942 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.02942 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.02942 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.02942 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.03962 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.03962 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.03962 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.03962 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.03962 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.03962 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.03962 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.03962 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.03962 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.03962 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.03962 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.03962 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.03962 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.03962 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.03962 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.03962 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.03962 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.03962 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.03962 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.03962 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.03962 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.03962 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.03962 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.03962 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.03962 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.03962 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.03962 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.03962 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.03962 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.03962 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.03962 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.03962 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.03962 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.03962 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.03962 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.03962 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.03962 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.03962 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.03962 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.03962 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.03962 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.03962 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.03962 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.03962 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.03962 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.03962 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.03962 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.03962 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.03962 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.03962 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.03962 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.04652 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.04652 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.04652 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.04652 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
epss 0.16166 https://api.first.org/data/v1/epss?cve=CVE-2014-8964
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8964
cvssv2 4.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2014-8964
generic_textual Low https://ubuntu.com/security/notices/USN-2694-1
cvssv3.1 7.5 http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
generic_textual MODERATE http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
Reference id Reference type URL
http://advisories.mageia.org/MGASA-2014-0534.html
http://bugs.exim.org/show_bug.cgi?id=1546
http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145843.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147474.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147511.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147516.html
http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-8964.html
http://rhn.redhat.com/errata/RHSA-2015-0330.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8964.json
https://api.first.org/data/v1/epss?cve=CVE-2014-8964
https://bugzilla.redhat.com/show_bug.cgi?id=1166147
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8964
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://security.gentoo.org/glsa/201607-02
https://ubuntu.com/security/notices/USN-2694-1
http://www.exim.org/viewvc/pcre?view=revision&revision=1513
http://www.mandriva.com/security/advisories?name=MDVSA-2015:002
http://www.mandriva.com/security/advisories?name=MDVSA-2015:137
http://www.openwall.com/lists/oss-security/2014/11/21/6
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
http://www.securityfocus.com/bid/71206
770478 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770478
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:*
cpe:2.3:a:pcre:perl_compatible_regular_expression_library:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pcre:perl_compatible_regular_expression_library:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
CVE-2014-8964 https://nvd.nist.gov/vuln/detail/CVE-2014-8964
RHSA-2015:0330 https://access.redhat.com/errata/RHSA-2015:0330
USN-2694-1 https://usn.ubuntu.com/2694-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2014-8964
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.90314
EPSS Score 0.02446
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.