CVE-2014-6525 — Integer Overflow or Wraparound in Oracle E-business Suite

CWE-190 — Integer Overflow or Wraparound CWE-122 — Heap-based Buffer Overflow CWE-835 — Infinite Loop7 documents5 sources

Severity

3.5LOWNVD

EPSS

0.1%

top 66.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle E-business Suite

Timeline

PublishedJan 21

Latest updateMay 17

Description

Unspecified vulnerability in the Oracle Web Applications Desktop Integrator component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote authenticated users to affect integrity via unknown vectors related to Templates.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages1 packages

▶NVDoracle/e-business_suite6 versions+5

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-w9c3-57j9-xvm6: Unspecified vulnerability in the Oracle Web Applications Desktop Integrator component in Oracle E-Business Suite 11↗2022-05-17

▶

CVEList

CVE-2014-6525: Unspecified vulnerability in the Oracle Web Applications Desktop Integrator component in Oracle E-Business Suite 11↗2015-01-21

▶

📋Vendor Advisories

Red Hat

libevent: multiple integer overflows in the evbuffer APIs↗2015-08-24

▶

Red Hat

libevent: potential heap overflow in buffer/bufferevent APIs↗2015-01-05

▶

💬Community

Bugzilla

CVE-2015-6525 libevent: multiple integer overflows in the evbuffer APIs↗2015-08-25

▶