Unrated severityNVD Advisory· Published Jan 16, 2015· Updated May 6, 2026

CVE-2014-9471

Description

The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date command.

Affected products

GNU/Coreutils
cpe:2.3:a:gnu:coreutils:*:*:*:*:*:*:*:*
Range: <8.23
Canonical (company)/Ubuntu Linux3 versions
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*+ 2 more
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

debbugs.gnu.org/cgi/bugreport.cginvdExploitThird Party Advisory
www.openwall.com/lists/oss-security/2014/11/25/1nvdExploitMailing ListThird Party Advisory
www.openwall.com/lists/oss-security/2015/01/03/11nvdExploitMailing ListThird Party Advisory
bugs.debian.org/cgi-bin/bugreport.cginvdExploitIssue TrackingThird Party Advisory
advisories.mageia.org/MGASA-2015-0029.htmlnvdThird Party Advisory
secunia.com/advisories/62226nvdThird Party Advisory
ubuntu.com/usn/usn-2473-1nvdThird Party Advisory
www.openwall.com/lists/oss-security/2014/11/25/4nvdMailing ListThird Party Advisory
security.gentoo.org/glsa/201612-22nvdThird Party Advisory
www.mandriva.com/security/advisoriesnvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000