CVE-2014-3788

Cogent DataHub < 7.3.5 - Remote Code Execution via Negative Content-Length

Title source: llm
STIX 2.1

Description

Heap-based buffer overflow in the Web Server in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary code via a negative value in the Content-Length field in a request.

References (2)

Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
http://cogentdatahub.com/ReleaseNotes.html
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-14-135/

Scores

EPSS 0.0401
EPSS Percentile 89.3%

Details

CWE
CWE-119
Status published
Products (12)
cogentdatahub/cogent_datahub 7.0
cogentdatahub/cogent_datahub 7.0.2
cogentdatahub/cogent_datahub 7.1.0
cogentdatahub/cogent_datahub 7.1.1
cogentdatahub/cogent_datahub 7.1.1.63
cogentdatahub/cogent_datahub 7.1.2
cogentdatahub/cogent_datahub 7.2.2
cogentdatahub/cogent_datahub 7.3.0
cogentdatahub/cogent_datahub 7.3.1
cogentdatahub/cogent_datahub 7.3.2
... and 2 more
Published May 22, 2014
Tracked Since Feb 18, 2026