CVE-2014-9471

Currently unrated

Key Information:

Vendor: Gnu
Status: Coreutils
Vendor: CVE Published:; 16 January 2015

Summary

The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date command.

References

http://www.mandriva.com/security/advisories?name=MDVSA-20...

vendor-advisoryx_refsource_MANDRIVA

http://advisories.mageia.org/MGASA-2015-0029.html

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2014/11/25/4

mailing-listx_refsource_MLIST

EPSS Score

1% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 16, 2015
Vulnerability Reserved
Jan 3, 2015