5

CVE-2013-7345

Exploit
The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Christos ZoulasFile Version < 5.15
PhpPhp Version >= 5.4.0 < 5.4.27
PhpPhp Version >= 5.5.0 < 5.5.11
DebianDebian Linux Version6.0
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.04% 0.859
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://rhn.redhat.com/errata/RHSA-2014-1765.html
Third Party Advisory
http://support.apple.com/kb/HT6443
Third Party Advisory
http://www.debian.org/security/2014/dsa-2873
Third Party Advisory
http://bugs.gw.com/view.php?id=164
Patch
Third Party Advisory
Exploit
Broken Link
Issue Tracking
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703993
Third Party Advisory
Issue Tracking
https://github.com/file/file/commit/ef2329cf71acb59204dd981e2c6cce6c81fe467c
Patch
Third Party Advisory
Exploit