CVE-2017-14500

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2017-14500
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-14500.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-14500
Downstream
Published
2017-09-17T05:29:00.193Z
Modified
2026-03-15T22:15:12.412528Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure (i.e., a podcast file) that includes shell metacharacters in its filename, related to pb_controller.cpp and queueloader.cpp, a different vulnerability than CVE-2017-12904.

References

Affected packages

Git / github.com/akrennmair/newsbeuter

Affected ranges

Type
GIT
Repo
https://github.com/akrennmair/newsbeuter
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
ee1830151054fe407afa9341a05a82e989205134
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
6041cee5682b5f3270337b0a923fe3e517fcc92e
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
f2076ca1b9edd4f8ed7f364bee33b44c9eece0d2
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
7fc126dc3a09a417918d9089abc914f0e0f46da8
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
277c4a033f4d8d56aa564f6da25662692fc137d3
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
4865e6654586ddf51aaf743e940d0c7bb088b3d2
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
47ead54bf2e0dd4fd3f29dfb94fb05d95f941ce2
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
23e85563585d0e4c5ef2774d2f2f0c893b951c20
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
1a42ef8f8db3e4ce872504b9e92e802f03ed52f4
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
12034ce711cea811e1a7df003cf301bcfc0d3e6b
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
46bf71384211aee2fafe9e435fb7b72641414cb4
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
9046a2b1596d9a284f10864388b5424d59dfa6d4
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
52ed8907d0c3cba22aed84ae4a31d090d0fbf746
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
4a447917f7c8b33ef3aae8cd221c47dbdb1c3246
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
3e052f72797359e3f39c0065912f1611ad088085
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
2970498501bbffeaa00120fee041e4a2620029d7
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
99ee8f03c64b26b1deafaa10345982d917c8bdd1
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
f9764f0ac59372876b41166cf085dce4f5e6f83e
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
b90782df7846f4279c1ed55d6d57e6d4f37fc94b
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
6548dd953f4067e663c43d306110d9bba8525760
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
799389f6a4d9336da46b948a6c2d86d50fdbc8ab
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
fe0d8362626054a506e8e9c9819e2fe1623807db
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
8df68f426ca4360fcced0edf8fb48cd6088f0e90
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
969fcb163d541fa26f4600c6ae0bfe3d36309823
Fixed
26f5a4350f3ab5507bb8727051c87bb04660f333
Fixed
c8fea2f60c18ed30bdd1bb6f798e994e51a58260
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.6"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.7"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.8"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.8.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.8.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.9"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.9.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.6"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.7"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.8"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.9"
        }
    ]
}

Affected versions

r2.*
r2.0
r2.1
r2.2
r2.3
r2.4
r2.5
r2.6
r2.7
r2.8
r2.9

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-14500.json"
vanir_signatures 
[
    {
        "signature_version": "v1",
        "target": {
            "file": "src/pb_controller.cpp"
        },
        "source": "https://github.com/akrennmair/newsbeuter/commit/26f5a4350f3ab5507bb8727051c87bb04660f333",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "122203421145135607605150740415678481744",
                "226326304608593480580444074630309874189",
                "141851851325221400487052087950423918467",
                "126645352107463222030298578303702291104",
                "280107155541152668819977864311526523605",
                "100975989055322441498022819319882045499"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2017-14500-0ba005de",
        "signature_type": "Line"
    },
    {
        "signature_version": "v1",
        "target": {
            "file": "src/queueloader.cpp",
            "function": "queueloader::get_filename"
        },
        "source": "https://github.com/akrennmair/newsbeuter/commit/c8fea2f60c18ed30bdd1bb6f798e994e51a58260",
        "deprecated": false,
        "digest": {
            "function_hash": "297464687269015149749922159851838517057",
            "length": 569.0
        },
        "id": "CVE-2017-14500-11cd728b",
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "target": {
            "file": "src/pb_controller.cpp"
        },
        "source": "https://github.com/akrennmair/newsbeuter/commit/c8fea2f60c18ed30bdd1bb6f798e994e51a58260",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "122203421145135607605150740415678481744",
                "226326304608593480580444074630309874189",
                "141851851325221400487052087950423918467",
                "126645352107463222030298578303702291104",
                "261190887748625915739741040140074181224",
                "72870267390956557907745808987922535707"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2017-14500-1f236f20",
        "signature_type": "Line"
    },
    {
        "signature_version": "v1",
        "target": {
            "file": "src/pb_controller.cpp",
            "function": "pb_controller::play_file"
        },
        "source": "https://github.com/akrennmair/newsbeuter/commit/26f5a4350f3ab5507bb8727051c87bb04660f333",
        "deprecated": false,
        "digest": {
            "function_hash": "59995948087546701770999833077024963097",
            "length": 426.0
        },
        "id": "CVE-2017-14500-55327ebc",
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "target": {
            "file": "src/queueloader.cpp",
            "function": "queueloader::get_filename"
        },
        "source": "https://github.com/akrennmair/newsbeuter/commit/26f5a4350f3ab5507bb8727051c87bb04660f333",
        "deprecated": false,
        "digest": {
            "function_hash": "325622768065210990364342808000899331722",
            "length": 566.0
        },
        "id": "CVE-2017-14500-993677e3",
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "target": {
            "file": "src/queueloader.cpp"
        },
        "source": "https://github.com/akrennmair/newsbeuter/commit/c8fea2f60c18ed30bdd1bb6f798e994e51a58260",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "28945969528684604269056913412978480261",
                "328591584293568757866463690194581631448",
                "240226559374422634877135290719219586984",
                "111208244330724101130459863208369810773"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2017-14500-a6c43b70",
        "signature_type": "Line"
    },
    {
        "signature_version": "v1",
        "target": {
            "file": "src/pb_controller.cpp",
            "function": "pb_controller::play_file"
        },
        "source": "https://github.com/akrennmair/newsbeuter/commit/c8fea2f60c18ed30bdd1bb6f798e994e51a58260",
        "deprecated": false,
        "digest": {
            "function_hash": "248584191656778447663072432663244477995",
            "length": 372.0
        },
        "id": "CVE-2017-14500-a9508c1c",
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "target": {
            "file": "src/queueloader.cpp"
        },
        "source": "https://github.com/akrennmair/newsbeuter/commit/26f5a4350f3ab5507bb8727051c87bb04660f333",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "28945969528684604269056913412978480261",
                "328591584293568757866463690194581631448",
                "240226559374422634877135290719219586984",
                "111208244330724101130459863208369810773"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2017-14500-b1a77817",
        "signature_type": "Line"
    }
]