CVE-2014-8625

CWE-134Uncontrolled Format String8 documents6 sources
Severity
6.8MEDIUM
EPSS
2.5%
top 14.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Debian Dpkg
Timeline
PublishedJan 20
Latest updateMay 17

Description

Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

Debiandpkg< 1.17.22+3
NVDdebian/dpkg1.17.21

🔴Vulnerability Details

3
GHSA
GHSA-rg28-4v7w-vh73: Multiple format string vulnerabilities in the parse_error_msg function in parsehelp2022-05-17
CVEList
CVE-2014-8625: Multiple format string vulnerabilities in the parse_error_msg function in parsehelp2015-01-20
OSV
CVE-2014-8625: Multiple format string vulnerabilities in the parse_error_msg function in parsehelp2015-01-20

📋Vendor Advisories

1
Debian
CVE-2014-8625: dpkg - Multiple format string vulnerabilities in the parse_error_msg function in parseh...2014

💬Community

3
Bugzilla
CVE-2014-8625 dpkg: format string vulnerability [fedora-all]2014-11-10
Bugzilla
CVE-2014-8625 dpkg: format string vulnerability2014-11-10
Bugzilla
CVE-2014-8625 dpkg: format string vulnerability [epel-all]2014-11-10
CVE-2014-8625 (MEDIUM CVSS 6.8) | Multiple format string vulnerabilit | cvebase.io