CVE-2014-2262

Published: Mar 1, 2014Modified: Apr 29, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Buffer overflow in the client application in Base SAS 9.2 TS2M3, SAS 9.3 TS1M1 and TS1M2, and SAS 9.4 TS1M0 allows user-assisted remote attackers to execute arbitrary code via a crafted SAS program.

Affected (4)

Products: Sas: Base Sas

Sas

1 product

Base Sas

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Sas Base Sas	Version 9.2 ts2m
Sas Base Sas	Version 9.3 ts1m1
Sas Base Sas	Version 9.3 ts1m2
Sas Base Sas	Version 9.4 ts1m0

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (10)

http://secunia.com/advisories/57029

Source: cve@mitre.org

Vendor Advisory

http://support.sas.com/kb/51/701.html

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/archive/1/531283/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/65853

Source: cve@mitre.org

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140227-0_SAS_Buffer_overflow_v10.txt

Source: cve@mitre.org

http://secunia.com/advisories/57029