Heap-Based Buffer Overflow in Hex-Rays IDA Pro Debugger Module
CVE-2014-9458

Currently unrated

Key Information:

Vendor: Hex-rays
Status: Ida
Vendor: CVE Published:; 2 January 2015

What is CVE-2014-9458?

A heap-based buffer overflow vulnerability exists in the GDB debugger module of Hex-Rays IDA Pro prior to version 6.6 cumulative fix released on December 24, 2014. This flaw allows remote GDB servers to exploit the debugger through unspecified vectors, potentially leading to unauthorized operations or system instability. Users of affected versions are encouraged to apply the cumulative fix to mitigate the risks associated with this vulnerability.

References

https://www.hex-rays.com/vulnfix.shtml

x_refsource_CONFIRM

https://www.hex-rays.com/bugbounty.shtml

x_refsource_CONFIRM

http://secunia.com/advisories/61863

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 2, 2015
Vulnerability Reserved
Jan 2, 2015

Hex-rays

What is CVE-2014-9458?

References

Timeline