Heap-Based Buffer Overflow in Hex-Rays IDA Pro Debugger Module
CVE-2014-9458

Currently unrated

Key Information:

Vendor: Hex-rays
Status: Ida
Vendor: CVE Published:; 2 January 2015

Summary

A heap-based buffer overflow vulnerability exists in the GDB debugger module of Hex-Rays IDA Pro prior to version 6.6 cumulative fix released on December 24, 2014. This flaw allows remote GDB servers to exploit the debugger through unspecified vectors, potentially leading to unauthorized operations or system instability. Users of affected versions are encouraged to apply the cumulative fix to mitigate the risks associated with this vulnerability.

References

https://www.hex-rays.com/vulnfix.shtml

x_refsource_CONFIRM

https://www.hex-rays.com/bugbounty.shtml

x_refsource_CONFIRM

http://secunia.com/advisories/61863

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Jan 2, 2015
Vulnerability Reserved
Jan 2, 2015