Vulnerability Details : CVE-2014-1545
Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via vectors involving the sprintf and console functions.
Vulnerability category: Execute codeDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2014-1545
Probability of exploitation activity in the next 30 days: 6.98%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 93 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-1545
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
References for CVE-2014-1545
-
https://bugzilla.mozilla.org/show_bug.cgi?id=1018783
1018783 - (CVE-2014-1545) OOB write with sprintf and console functions
-
https://bugzilla.redhat.com/show_bug.cgi?id=1107432
1107432 – (CVE-2014-1545) CVE-2014-1545 Mozilla: Out of bounds write in NSPR (MFSA 2014-55)
-
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
Juniper Networks - 2016-10 Security Bulletin: CTPView: Multiple vulnerabilities in CTPView
-
http://secunia.com/advisories/59486
Sign in
-
http://lists.opensuse.org/opensuse-updates/2014-07/msg00004.html
openSUSE-SU-2014:0858-1: moderate: MozillaThunderbird: Update fixes six
-
http://lists.opensuse.org/opensuse-updates/2014-07/msg00001.html
openSUSE-SU-2014:0855-1: moderate: seamonkey: Update fixes nine security
-
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00019.html
[security-announce] openSUSE-SU-2014:0797-1: critical: Mozilla updates 2
-
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Oracle Solaris Bulletin - April 2016
-
http://www.securityfocus.com/bid/67975
Mozilla Netscape Portable Runtime CVE-2014-1545 Out of Bounds Memory Corruption Vulnerability
-
http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00023.html
[security-announce] SUSE-SU-2014:0824-1: important: Security update for
-
http://www.debian.org/security/2014/dsa-2960
Debian -- Security Information -- DSA-2960-1 icedove
-
https://security.gentoo.org/glsa/201504-01
Mozilla Products: Multiple vulnerabilities (GLSA 201504-01) — Gentoo security
-
http://www.debian.org/security/2014/dsa-2955
Debian -- Security Information -- DSA-2955-1 iceweasel
-
http://www.mozilla.org/security/announce/2014/mfsa2014-55.html
Out of bounds write in NSPR — MozillaVendor Advisory
-
http://www.securitytracker.com/id/1030404
Netscape Portable Runtime API Buffer Overflow May Let Remote Users Execute Arbitrary Code - SecurityTracker
-
http://secunia.com/advisories/59425
Sign in
-
http://lists.opensuse.org/opensuse-updates/2014-06/msg00040.html
openSUSE-SU-2014:0819-1: moderate: MozillaFirefox, mozilla-nspr: Update
-
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
Oracle VM Server for x86 Bulletin - July 2016
-
http://www.debian.org/security/2014/dsa-2962
Debian -- Security Information -- DSA-2962-1 nspr
-
http://www.ubuntu.com/usn/USN-2265-1
USN-2265-1: NSPR vulnerability | Ubuntu security notices
Products affected by CVE-2014-1545
- cpe:2.3:a:mozilla:netscape_portable_runtime:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.9.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.9.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.8.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.10:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.8.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.9.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.10.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.10.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:netscape_portable_runtime:4.10.4:*:*:*:*:*:*:*