Base Score

CRITICAL9.8

CVE-2014-9474

Buffer overflow in the mpfr_strtofr function in GNU MPFR before 3.1.2-p11 allows context-dependent attackers to have unspecified impact via vectors related to incorrect documentation for mpn_set_str.

VectorNETWORK

Published Bycve@mitre.org

Published DateOct 10, 2017, 01:30

Weakness Type (CWE):CWE-119

CVSS Metrics

Base Score

9.8

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Severity

CRITICAL

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH

References

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147737.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147745.html
http://www.mpfr.org/mpfr-3.1.2/patch11
http://www.openwall.com/lists/oss-security/2015/01/03/12
http://www.securityfocus.com/bid/71542
https://bugzilla.redhat.com/show_bug.cgi?id=1171701
https://gforge.inria.fr/scm/viewvc.php/mpfr?revision=9243&view=revision
https://gmplib.org/list-archives/gmp-bugs/2013-December/003267.html
https://security.gentoo.org/glsa/201512-06

Base Score

CRITICAL9.8

Weakness Type (CWE):CWE-119

CVSS Metrics

Base Score

9.8

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Severity

CRITICAL

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH