CVE-2014-9761

NameCVE-2014-9761
DescriptionMultiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-411-1
Debian Bugs813187

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
glibc (PTS)buster2.28-10+deb10u1fixed
bullseye2.31-13+deb11u3fixed
bookworm, sid2.33-7fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
eglibcsourcesqueeze2.11.3-4+deb6u9DLA-411-1
eglibcsource(unstable)(unfixed)
glibcsource(unstable)2.23-1813187

Notes

[jessie] - glibc <no-dsa> (Minor issue)
[wheezy] - eglibc <no-dsa> (Minor issue)
https://sourceware.org/bugzilla/show_bug.cgi?id=16962
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e02cabecf0d025ec4f4ddee290bdf7aadb873bb3
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8f5e8b01a1da2a207228f2072c934fa5918554b8
Fixed for 2.23 upstream

Search for package or bug name: Reporting problems