Buffer overflow in Oracle Solaris
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2014-0397 |
| CWE-ID | CWE-119 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Oracle Solaris Operating systems & Components / Operating system |
| Vendor | Oracle |
Security Bulletin
This security bulletin contains one high risk vulnerability.
1) Buffer overflow
EUVDB-ID: #VU41242
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2014-0397
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Multiple unspecified vulnerabilities in libXtsol in Oracle Solaris 10 and 11.1 have unspecified impact and attack vectors related to "Buffer errors."
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Solaris: 10 - 11.1
CPE2.3 External linkshttps://www.securityfocus.com/bid/65819
https://blogs.oracle.com/sunsecurity/entry/cve_2014_0397_buffer_errors
https://exchange.xforce.ibmcloud.com/vulnerabilities/91482
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
