CVE-2014-6262 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2014-6262?

CVE-2014-6262 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-6262?

Check the references section above for vendor advisories and patch information. Affected products include: Zenoss Zenoss Core, Debian Debian Linux.

Vulnerability Description

Multiple format string vulnerabilities in the python module in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted third argument to the rrdtool.graph function, aka ZEN-15415, a related issue to CVE-2013-2131.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Zenoss	Zenoss Core	< 4.2.5
Debian	Debian Linux	8.0

Related Weaknesses (CWE)

CWE-134

References

http://www.kb.cert.org/vuls/id/449452Third Party AdvisoryUS Government Resource
https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyThird Party Advisory
https://github.com/oetiker/rrdtool-1.x/commit/64ed5314af1255ab6dded45f70b39cdeabPatchThird Party Advisory
https://github.com/oetiker/rrdtool-1.x/commit/85261a013112e278c90224033f5b0592eePatchThird Party Advisory
https://github.com/oetiker/rrdtool-1.x/pull/532Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/03/msg00000.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2020/03/msg00003.htmlMailing ListThird Party Advisory
https://www.securityfocus.com/bid/71540Third Party AdvisoryVDB Entry
http://www.kb.cert.org/vuls/id/449452Third Party AdvisoryUS Government Resource
https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyThird Party Advisory
https://github.com/oetiker/rrdtool-1.x/commit/64ed5314af1255ab6dded45f70b39cdeabPatchThird Party Advisory
https://github.com/oetiker/rrdtool-1.x/commit/85261a013112e278c90224033f5b0592eePatchThird Party Advisory
https://github.com/oetiker/rrdtool-1.x/pull/532Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/03/msg00000.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2020/03/msg00003.htmlMailing ListThird Party Advisory

FAQ

What is CVE-2014-6262?

CVE-2014-6262 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple format string vulnerabilities in the python module in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of se...

How severe is CVE-2014-6262?

CVE-2014-6262 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-6262?

Check the references section above for vendor advisories and patch information. Affected products include: Zenoss Zenoss Core, Debian Debian Linux.