Vulnerability Details : CVE-2014-3775
libgadu before 1.11.4 and 1.12.0 before 1.12.0-rc3, as used in Pidgin and other products, allows remote Gadu-Gadu file relay servers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted message.
Vulnerability category: Input validationExecute codeDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2014-3775
Probability of exploitation activity in the next 30 days: 2.13%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 88 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-3775
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2014-3775
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-3775
-
https://bugzilla.redhat.com/show_bug.cgi?id=1099776
1099776 – (CVE-2014-3775) CVE-2014-3775 libgadu: server response memory corruption issue
-
https://security.gentoo.org/glsa/201508-02
libgadu: Multiple vulnerabilities (GLSA 201508-02) — Gentoo security
-
http://www.securityfocus.com/bid/67471
libgadu CVE-2014-3775 Memory Corruption Vulnerability
-
http://www.ubuntu.com/usn/USN-2215-1
USN-2215-1: libgadu vulnerability | Ubuntu security notices
-
http://www.debian.org/security/2014/dsa-2935
Debian -- Security Information -- DSA-2935-1 libgadu
-
http://lists.ziew.org/pipermail/libgadu-devel/2014-May/001180.html
-
http://www.openwall.com/lists/oss-security/2014/05/19/3
oss-security - Re: libgadu vulnerability: possible memory corruption
-
http://lists.ziew.org/pipermail/libgadu-devel/2014-May/001171.html
-
http://www.ubuntu.com/usn/USN-2216-1
USN-2216-1: Pidgin vulnerability | Ubuntu security notices
Products affected by CVE-2014-3775
- cpe:2.3:a:libgadu:libgadu:*:*:*:*:*:*:*:*
- cpe:2.3:a:libgadu:libgadu:1.12.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:libgadu:libgadu:1.12.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:libgadu:libgadu:1.12.0:rc2:*:*:*:*:*:*