CVE-2014-0479

Published: Aug 6, 2014Modified: May 6, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

reportbug before 6.4.4+deb7u1 and 6.5.x before 6.5.0+nmu1 allows remote attackers to execute arbitrary commands via vectors related to compare_versions and reportbug/checkversions.py.

Affected (2)

Products: Canonical: Reportbug · Debian: Reportbug

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Canonical Reportbug	Up to 6.5.0
Debian Reportbug	Up to 6.4.4

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (12)

http://secunia.com/advisories/59896

Source: security@debian.org

http://www.debian.org/security/2014/dsa-2997

Source: security@debian.org

http://www.osvdb.org/109858

Source: security@debian.org

http://www.securityfocus.com/bid/69055

Source: security@debian.org

https://bugs.launchpad.net/ubuntu/+source/reportbug/+bug/1353046

Source: security@debian.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/95149

Source: security@debian.org

http://secunia.com/advisories/59896