CVE-2014-3802

CWE-20Improper Input Validation3 documents3 sources
Severity
6.8MEDIUM
EPSS
9.6%
top 7.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Visual Studio
Timeline
PublishedMay 20
Latest updateMay 17

Description

msdia.dll in Microsoft Debug Interface Access (DIA) SDK, as distributed in Microsoft Visual Studio before 2013, does not properly validate an unspecified variable before use in calculating a dynamic-call address, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDB file.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-vvjc-3hh3-ch9p: msdia2022-05-17
CVEList
CVE-2014-3802: msdia2014-05-20
CVE-2014-3802 (MEDIUM CVSS 6.8) | msdia.dll in Microsoft Debug Interf | cvebase.io