CVE-2014-9471

CWE-20Improper Input Validation9 documents8 sources
Severity
7.5HIGH
EPSS
5.0%
top 10.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GNU CoreutilsCanonical Ubuntu Linux
Timeline
PublishedJan 16
Latest updateMay 13

Description

The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date command.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

NVDgnu/coreutils< 8.23
Debiancoreutils< 8.23-1+3
Ubuntucoreutils< 8.21-1ubuntu5.1

Also affects: Ubuntu Linux 10.04, 12.04, 14.04

🔴Vulnerability Details

4
GHSA
GHSA-vg73-g8m4-q62r: The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a cra2022-05-13
CVEList
CVE-2014-9471: The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a cra2015-01-16
OSV
CVE-2014-9471: The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a cra2015-01-16
OSV
coreutils vulnerabilities2015-01-14

📋Vendor Advisories

3
Ubuntu
coreutils vulnerabilities2015-01-14
Red Hat
coreutils: memory corruption flaw in parse_datetime()2014-02-25
Debian
CVE-2014-9471: coreutils - The parse_datetime function in GNU coreutils allows remote attackers to cause a ...2014

💬Community

1
Bugzilla
CVE-2014-9471 coreutils: memory corruption flaw in parse_datetime()2014-11-25