CVE-2014-2262
Base SAS 9.2 TS2M3, 9.3 TS1M1-TS1M2, 9.4 TS1M0 - Buffer Overflow via Crafted SAS Program
Title source: llmDescription
Buffer overflow in the client application in Base SAS 9.2 TS2M3, SAS 9.3 TS1M1 and TS1M2, and SAS 9.4 TS1M0 allows user-assisted remote attackers to execute arbitrary code via a crafted SAS program.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/531283/100/0/threaded
Vendor Advisory x_refsource_confirm
http://support.sas.com/kb/51/701.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/65853
Various Sources x_refsource_misc
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140227-0_SAS_Buffer_overflow_v10.txt
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/57029
Scores
EPSS
0.0431
EPSS Percentile
90.0%
Details
CWE
CWE-119
Status
published
Products (3)
sas/base_sas
9.2 ts2m
sas/base_sas
9.3 ts1m1 (2 CPE variants)
sas/base_sas
9.4 ts1m0
Published
Mar 01, 2014
Tracked Since
Feb 18, 2026