What is the severity of CVE-2014-9862?

CVE-2014-9862 has a high severity rating due to its potential to allow remote code execution or denial of service.

How do I fix CVE-2014-9862?

To fix CVE-2014-9862, update bsdiff to versions 4.3-21, 4.3-22, or 4.3-23 on Debian, or version 4.3-17 on Ubuntu.

What products are affected by CVE-2014-9862?

CVE-2014-9862 affects Apple OS X versions prior to 10.11.6 and various versions of the bsdiff software.

What type of exploitation can occur due to CVE-2014-9862?

Exploitation of CVE-2014-9862 can lead to arbitrary code execution or result in a heap-based buffer overflow.

Who can exploit CVE-2014-9862?

Remote attackers with access to a crafted patch file can exploit CVE-2014-9862.

Vulnerability/
CVE-2014-9862

high

7.8

CWE

119 190

22/7/2016

17/9/2020

CVE-2014-9862: Buffer Overflow

First published: Fri Jul 22 2016(Updated: )

Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X before 10.11.6 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted patch file.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
debian/bsdiff		4.3-21 4.3-22 4.3-23
ubuntu/bsdiff	<4.3-17	4.3-17
ubuntu/bsdiff	<4.3-15+	4.3-15+
macOS Yosemite	<=10.11.5

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

USN-4500-1

Frequently Asked Questions

What is the severity of CVE-2014-9862?
CVE-2014-9862 has a high severity rating due to its potential to allow remote code execution or denial of service.
How do I fix CVE-2014-9862?
To fix CVE-2014-9862, update bsdiff to versions 4.3-21, 4.3-22, or 4.3-23 on Debian, or version 4.3-17 on Ubuntu.
What products are affected by CVE-2014-9862?
CVE-2014-9862 affects Apple OS X versions prior to 10.11.6 and various versions of the bsdiff software.
What type of exploitation can occur due to CVE-2014-9862?
Exploitation of CVE-2014-9862 can lead to arbitrary code execution or result in a heap-based buffer overflow.
Who can exploit CVE-2014-9862?
Remote attackers with access to a crafted patch file can exploit CVE-2014-9862.

collector/launchpad-cve
collector/security-tracker-debian
collector/usn-cve
agent/author
agent/type
agent/last-modified-date
agent/first-publish-date
agent/tags
agent/event
agent/severity
agent/references
agent/weakness
agent/description
collector/nvd-cve
agent/software-canonical-lookup-request
collector/nvd-index
agent/softwarecombine
package-manager/debian
package-manager/ubuntu
vendor/apple
canonical/macos yosemite
version/macos yosemite/10.11.5

Frequently Asked Questions

What is the severity of CVE-2014-9862?
CVE-2014-9862 has a high severity rating due to its potential to allow remote code execution or denial of service.
How do I fix CVE-2014-9862?
To fix CVE-2014-9862, update bsdiff to versions 4.3-21, 4.3-22, or 4.3-23 on Debian, or version 4.3-17 on Ubuntu.
What products are affected by CVE-2014-9862?
CVE-2014-9862 affects Apple OS X versions prior to 10.11.6 and various versions of the bsdiff software.
What type of exploitation can occur due to CVE-2014-9862?
Exploitation of CVE-2014-9862 can lead to arbitrary code execution or result in a heap-based buffer overflow.
Who can exploit CVE-2014-9862?
Remote attackers with access to a crafted patch file can exploit CVE-2014-9862.

CVE-2014-9862: Buffer Overflow

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

Frequently Asked Questions

What is the severity of CVE-2014-9862?

How do I fix CVE-2014-9862?

What products are affected by CVE-2014-9862?

What type of exploitation can occur due to CVE-2014-9862?

Who can exploit CVE-2014-9862?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2014-9862?

How do I fix CVE-2014-9862?

What products are affected by CVE-2014-9862?

What type of exploitation can occur due to CVE-2014-9862?

Who can exploit CVE-2014-9862?