Input validation error - CVE-2014-8483
Published: November 6, 2014 / Updated: August 4, 2020
Vulnerability identifier: #VU33653
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2014-8483
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor:
Affected software:
Detailed vulnerability description
The vulnerability allows remote attackers to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (out-of-bounds read) via a malformed string.
How to mitigate CVE-2014-8483
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Sources
- http://bugs.quassel-irc.org/issues/1314
- http://lists.opensuse.org/opensuse-updates/2014-11/msg00028.html
- http://lists.opensuse.org/opensuse-updates/2014-11/msg00046.html
- http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html
- http://secunia.com/advisories/61932
- http://secunia.com/advisories/62035
- http://secunia.com/advisories/62261
- http://www.debian.org/security/2014/dsa-3063
- http://www.debian.org/security/2014/dsa-3068
- http://www.ubuntu.com/usn/USN-2401-1
- https://github.com/quassel/quassel/commit/8b5ecd226f9208af3074b33d3b7cf5e14f55b138