CVE-2014-1545
Summary
| CVE | CVE-2014-1545 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-06-11 10:57:00 UTC |
| Updated | 2017-12-28 02:29:00 UTC |
| Description | Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via vectors involving the sprintf and console functions. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Mozilla | Netscape Portable Runtime | 4.1.1 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.1.2 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.10 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.10.1 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.10.2 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.10.3 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.10.4 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.2 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.2.2 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.3 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.4.1 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.5.1 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.6 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.6.1 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.6.2 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.6.3 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.6.4 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.6.5 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.6.6 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.6.7 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.6.8 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.7 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.7.1 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.7.2 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.7.3 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.7.4 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.7.5 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.7.6 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.8 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.8.2 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.8.3 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.8.4 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.8.5 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.8.6 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.8.7 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.8.8 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.8.9 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.9 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.9.1 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.9.2 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.9.3 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.9.4 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.9.5 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.9.6 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.1.1 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.1.2 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.10 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.10.1 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.10.2 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.10.3 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.10.4 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.2 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.2.2 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.3 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.4.1 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.5.1 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.6 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.6.1 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.6.2 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.6.3 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.6.4 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.6.5 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.6.6 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.6.7 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.6.8 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.7 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.7.1 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.7.2 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.7.3 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.7.4 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.7.5 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.7.6 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.8 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.8.2 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.8.3 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.8.4 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.8.5 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.8.6 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.8.7 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.8.8 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.8.9 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.9 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.9.1 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.9.2 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.9.3 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.9.4 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.9.5 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | 4.9.6 | All | All | All |
| Application | Mozilla | Netscape Portable Runtime | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Oracle Solaris Bulletin - April 2016 | CONFIRM | www.oracle.com | |
| Debian -- Security Information -- DSA-2960-1 icedove | DEBIAN | www.debian.org | |
| Security Advisory SA59425 - SUSE update for MozillaFirefox - Secunia | SECUNIA | secunia.com | |
| Security Advisory SA59318 - Debian update for nspr - Secunia | SECUNIA | secunia.com | |
| Debian -- Security Information -- DSA-2962-1 nspr | DEBIAN | www.debian.org | |
| openSUSE-SU-2014:0858-1: moderate: MozillaThunderbird: Update fixes six | SUSE | lists.opensuse.org | |
| openSUSE-SU-2014:0819-1: moderate: MozillaFirefox, mozilla-nspr: Update | SUSE | lists.opensuse.org | |
| About Secunia Research | Flexera | SECUNIA | secunia.com | |
| Gentoo Security | GENTOO | security.gentoo.org | |
| MFSA 2014-55: Out of bounds write in NSPR | CONFIRM | www.mozilla.org | Vendor Advisory |
| [security-announce] SUSE-SU-2014:0824-1: important: Security update for | SUSE | lists.opensuse.org | |
| Oracle VM Server for x86 Bulletin - July 2016 | CONFIRM | www.oracle.com | |
| [security-announce] openSUSE-SU-2014:0797-1: critical: Mozilla updates 2 | SUSE | lists.opensuse.org | |
| Debian -- Security Information -- DSA-2955-1 iceweasel | DEBIAN | www.debian.org | |
| Security Advisory SA59275 - Debian update for icedove - Secunia | SECUNIA | secunia.com | |
| 2016-10 Security Bulletin: CTPView: Multiple vulnerabilities in CTPView - Juniper Networks | CONFIRM | kb.juniper.net | |
| Mozilla Netscape Portable Runtime CVE-2014-1545 Out of Bounds Memory Corruption Vulnerability | BID | www.securityfocus.com | |
| Security Advisory SA58984 - Debian update for iceweasel - Secunia | SECUNIA | secunia.com | |
| Security Advisory SA59486 - SUSE update for MozillaFirefox and mozilla-nspr - Secunia | SECUNIA | secunia.com | |
| 1107432 – (CVE-2014-1545) CVE-2014-1545 Mozilla: Out of bounds write in NSPR (MFSA 2014-55) | CONFIRM | bugzilla.redhat.com | |
| Netscape Portable Runtime API Buffer Overflow May Let Remote Users Execute Arbitrary Code - SecurityTracker | SECTRACK | www.securitytracker.com | |
| Security Advisory SA59377 - SUSE update for MozillaThunderbird - Secunia | SECUNIA | secunia.com | |
| openSUSE-SU-2014:0855-1: moderate: seamonkey: Update fixes nine security | SUSE | lists.opensuse.org | |
| USN-2265-1: NSPR vulnerability | Ubuntu | UBUNTU | www.ubuntu.com | |
| Access Denied | CONFIRM | bugzilla.mozilla.org | |
| Security Advisory SA59614 - Ubuntu update for nspr - Secunia | SECUNIA | secunia.com | |
| Security Advisory SA59387 - SUSE update for seamonkey - Secunia | SECUNIA | secunia.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 904936 Common Base Linux Mariner (CBL-Mariner) Security Update for openjdk8 (12404)