VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-x9hh-f7f6-9bbr

Vulnerability ID	VCID-x9hh-f7f6-9bbr
Aliases	CVE-2014-8737
Summary	Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar.
Status	Published
Exploitability	0.5
Weighted Severity	0.0
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-22

System	Score	Found at
epss	0.00073	https://api.first.org/data/v1/epss?cve=CVE-2014-8737
epss	0.00073	https://api.first.org/data/v1/epss?cve=CVE-2014-8737

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8737.json
		https://api.first.org/data/v1/epss?cve=CVE-2014-8737
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8484
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8485
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8501
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8502
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8503
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8504
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8737
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8738
1162655		https://bugzilla.redhat.com/show_bug.cgi?id=1162655
GLSA-201612-24		https://security.gentoo.org/glsa/201612-24
RHSA-2015:2079		https://access.redhat.com/errata/RHSA-2015:2079
USN-2496-1		https://usn.ubuntu.com/2496-1/

No exploits are available.

There are no known vectors.

Exploit Prediction Scoring System (EPSS)

Date	Actor	Action	Source	VulnerableCode Version
2026-06-04T16:28:37.657838+00:00	Debian Importer	Import	https://security-tracker.debian.org/tracker/data/json	38.6.0