NVD

Id
36170  
Name
CVE-2014-9471  
Description
The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date command.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2015-01-16  
Modified Date
2015-04-08  
Seq
2014-9471  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
184836 36170 CVE-2014-9471 http://advisories.mageia.org/MGASA-2015-0029.html  View
184837 36170 CVE-2014-9471 http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16872  View
184838 36170 CVE-2014-9471 USN-2473-1  View
184839 36170 CVE-2014-9471 MDVSA-2015:179  View
184840 36170 CVE-2014-9471 [oss-security] 20141124 parse_datetime() bug in coreutils  View
184841 36170 CVE-2014-9471 [oss-security] 20141125 AW: parse_datetime() bug in coreutils  View
184842 36170 CVE-2014-9471 [oss-security] 20150103 Re: parse_datetime() bug in coreutils  View
184843 36170 CVE-2014-9471 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766147  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
18843 JVNDB-2014-007718 GNU coreutils の parse_datetime 関数におけるサービス運用妨害 (DoS) の脆弱性 GNU coreutils の parse_datetime 関数には、サービス運用妨害 (クラッシュ) 状態にされる、または任意のコードを実行される脆弱性が存在します。 CVE-2014-9471 76764 CVE-2014-9471 36170 7.5 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-007718.html 2014-02-25 2015-05-14 View