{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-04-10T00:00:00", "descriptions": [{"lang": "en", "value": "The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-29T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "FEDORA-2015-9357", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159449.html"}, {"name": "openSUSE-SU-2015:0595", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00077.html"}, {"tags": ["x_refsource_MISC"], "url": "https://blog.fuzzing-project.org/3-less-out-of-bounds-read-access-TFPA-0022014.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://advisories.mageia.org/MGASA-2015-0139.html"}, {"name": "MDVSA-2015:199", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:199"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9488", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "FEDORA-2015-9357", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159449.html"}, {"name": "openSUSE-SU-2015:0595", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00077.html"}, {"name": "https://blog.fuzzing-project.org/3-less-out-of-bounds-read-access-TFPA-0022014.html", "refsource": "MISC", "url": "https://blog.fuzzing-project.org/3-less-out-of-bounds-read-access-TFPA-0022014.html"}, {"name": "http://advisories.mageia.org/MGASA-2015-0139.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2015-0139.html"}, {"name": "MDVSA-2015:199", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:199"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:47:41.015Z"}, "title": "CVE Program Container", "references": [{"name": "FEDORA-2015-9357", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159449.html"}, {"name": "openSUSE-SU-2015:0595", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00077.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://blog.fuzzing-project.org/3-less-out-of-bounds-read-access-TFPA-0022014.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://advisories.mageia.org/MGASA-2015-0139.html"}, {"name": "MDVSA-2015:199", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:199"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-9488", "datePublished": "2015-04-14T18:00:00", "dateReserved": "2015-01-03T00:00:00", "dateUpdated": "2024-08-06T13:47:41.015Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:less:*:*:*:*:*:*:*:*", "matchCriteriaId": "531658F7-FE8C-417F-9CD5-71A563DD12B5", "versionEndIncluding": "471", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read."}, {"lang": "es", "value": "La funci\u00f3n is_utf8_well_formed en GNU less anterior a 475 permite a atacantes remotos tener un impacto no especificado a trav\u00e9s de caracteres UFT-8 malformados, lo que provoca una lectura fuera de rango."}], "id": "CVE-2014-9488", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-04-14T18:59:02.887", "references": [{"source": "cve@mitre.org", "url": "http://advisories.mageia.org/MGASA-2015-0139.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159449.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00077.html"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:199"}, {"source": "cve@mitre.org", "url": "https://blog.fuzzing-project.org/3-less-out-of-bounds-read-access-TFPA-0022014.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://advisories.mageia.org/MGASA-2015-0139.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159449.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00077.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:199"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://blog.fuzzing-project.org/3-less-out-of-bounds-read-access-TFPA-0022014.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "less: out of bounds read access in is_utf8_well_formed()", "id": "1201309", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1201309"}, "csaw": false, "cvss": {"cvss_base_score": "1.2", "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P", "status": "draft"}, "cvss3": {"cvss3_base_score": "2.5", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-120", "details": ["The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read.", "An out of bound read, with a maximum of 5 bytes, was found in the way the is_utf8_well_formed() function parsed UTF-8 characters. If less was to be recompiled with an address sanitizer, a specially crafted input could crash less."], "name": "CVE-2014-9488", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "less", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "less", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "less", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2015-03-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-9488\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9488\nhttps://blog.fuzzing-project.org/3-less-out-of-bounds-read-access-TFPA-0022014.html"], "statement": "Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Low"}

{}