Buffer overflow in Gnu Glibc
CVE-2014-9984
nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as the user running…
Vulnerability class: Buffer Overflow
EPSS: 0.005 (66.3th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Gnu Glibc
- N/a — versions n/a
Weakness classification (CWE)
Public proof-of-concept exploits
References
- cve@mitre.org (x_refsource_CONFIRM, Patch, Third Party Advisory, Issue Tracking)
- cve@mitre.org (vdb-entry, x_refsource_BID)
- cve@mitre.org (x_refsource_CONFIRM)
- cve@mitre.org (mailing-list, x_refsource_FULLDISC)
- cve@mitre.org (mailing-list, x_refsource_BUGTRAQ)
- cve@mitre.org (x_refsource_MISC)
- cve@mitre.org (mailing-list, x_refsource_FULLDISC)
- cve@mitre.org (mailing-list, x_refsource_BUGTRAQ)
- cve@mitre.org (x_refsource_MISC)
Frequently asked questions
- What is CVE-2014-9984?
- CVE-2014-9984 is a critical-severity vulnerability in Gnu Glibc, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 9.8/10. Published 2017-06-12.
- How severe is CVE-2014-9984?
- Critical severity. CVSS v3 base score is 9.8 out of 10.
- Is CVE-2014-9984 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.