Home > Vulnerability Database > CVE-2017-14500

Mend.io Vulnerability Database

CVE-2017-14500

Date: September 17, 2017

Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure (i.e., a podcast file) that includes shell metacharacters in its filename, related to pb_controller.cpp and queueloader.cpp, a different vulnerability than CVE-2017-12904.

Language: C++

Severity Score

8.8

Related Resources (10)

Url: https://security-tracker.debian.org/tracker/CVE-2017-14500

Url: http://openwall.com/lists/oss-security/2017/09/16/1

Url: https://github.com/akrennmair/newsbeuter/commit/c8fea2f60c18ed30bdd1bb6f798e994e51a58260

Url: https://nvd.nist.gov/vuln/detail/CVE-2017-14500

Url: https://usn.ubuntu.com/4585-1/

Url: https://github.com/akrennmair/newsbeuter/issues/598

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2017-14500

Url: https://github.com/akrennmair/newsbeuter/commit/26f5a4350f3ab5507bb8727051c87bb04660f333

Url: http://www.debian.org/security/2017/dsa-3977

Url: https://www.mend.io/vulnerability-database/CVE-2017-14500

Severity Score

8.8

Weakness Type (CWE)

OS Command Injections

CWE-78

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2017-14500

Date: September 17, 2017

Language: C++

Severity Score

Related Resources (10)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?