5

CVE-2014-3538

Exploit
file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Christos ZoulasFile Version <= 5.18
Christos ZoulasFile Version5.00
Christos ZoulasFile Version5.01
Christos ZoulasFile Version5.02
Christos ZoulasFile Version5.03
Christos ZoulasFile Version5.04
Christos ZoulasFile Version5.05
Christos ZoulasFile Version5.06
Christos ZoulasFile Version5.07
Christos ZoulasFile Version5.08
Christos ZoulasFile Version5.09
Christos ZoulasFile Version5.10
Christos ZoulasFile Version5.11
Christos ZoulasFile Version5.12
Christos ZoulasFile Version5.13
Christos ZoulasFile Version5.14
Christos ZoulasFile Version5.15
Christos ZoulasFile Version5.16
Christos ZoulasFile Version5.17
PhpPhp Version >= 5.4.0 < 5.4.32
PhpPhp Version >= 5.5.0 < 5.5.16
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 11.81% 0.956
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Patch
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
Third Party Advisory
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
Third Party Advisory
Mailing List
http://rhn.redhat.com/errata/RHSA-2014-1765.html
Third Party Advisory
https://support.apple.com/HT204659
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1327.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1766.html
Third Party Advisory
http://www.debian.org/security/2014/dsa-3021
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Third Party Advisory
http://mx.gw.com/pipermail/file/2014/001553.html
Broken Link
http://openwall.com/lists/oss-security/2014/06/30/7
Third Party Advisory
Mailing List
http://rhn.redhat.com/errata/RHSA-2016-0760.html
Third Party Advisory
http://secunia.com/advisories/60696
Third Party Advisory
http://www.debian.org/security/2014/dsa-3008
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
Third Party Advisory
http://www.securityfocus.com/bid/68348
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1098222
Third Party Advisory
Issue Tracking
https://github.com/file/file/commit/4a284c89d6ef11aca34da65da7d673050a5ea320
Patch
Third Party Advisory
Exploit
https://github.com/file/file/commit/69a5a43b3b71f53b0577f41264a073f495799610
Patch
Third Party Advisory
https://github.com/file/file/commit/71a8b6c0d758acb0f73e2e51421a711b5e9d6668
Patch
Third Party Advisory
Exploit
https://github.com/file/file/commit/74cafd7de9ec99a14f4480927580e501c8f852c3
Patch
Third Party Advisory
Exploit
https://github.com/file/file/commit/758e066df72fb1ac08d2eea91ddc3973d259e991
Patch
Third Party Advisory
Exploit