5

CVE-2014-3710

The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpPhp Version >= 5.4.0 < 5.4.35
PhpPhp Version >= 5.5.0 < 5.5.19
PhpPhp Version >= 5.6.0 < 5.6.3
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
CanonicalUbuntu Linux Version10.04 SwEdition-
CanonicalUbuntu Linux Version12.04 SwEdition-
CanonicalUbuntu Linux Version14.04 SwEditionesm
CanonicalUbuntu Linux Version14.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 14.01% 0.961
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
Third Party Advisory
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
Third Party Advisory
Mailing List
http://rhn.redhat.com/errata/RHSA-2014-1765.html
Third Party Advisory
https://support.apple.com/HT204659
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1766.html
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0760.html
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
Third Party Advisory
http://linux.oracle.com/errata/ELSA-2014-1767.html
Third Party Advisory
http://linux.oracle.com/errata/ELSA-2014-1768.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1767.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1768.html
Third Party Advisory
http://secunia.com/advisories/60630
Third Party Advisory
http://secunia.com/advisories/60699
Third Party Advisory
http://secunia.com/advisories/61763
Third Party Advisory
http://secunia.com/advisories/61970
Third Party Advisory
http://secunia.com/advisories/61982
Third Party Advisory
http://www.ubuntu.com/usn/USN-2391-1
Third Party Advisory
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=1803228597e82218a8c105e67975bc50e6f5bf0d
http://lists.opensuse.org/opensuse-updates/2014-11/msg00113.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/62347
Third Party Advisory
http://secunia.com/advisories/62559
Third Party Advisory
http://www.debian.org/security/2014/dsa-3072
Third Party Advisory
http://www.securityfocus.com/bid/70807
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1031344
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-2494-1
Third Party Advisory
https://bugs.php.net/bug.php?id=68283
Patch
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1155071
Third Party Advisory
Issue Tracking
https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0
Patch
Third Party Advisory
https://security.gentoo.org/glsa/201503-03
Third Party Advisory
https://security.gentoo.org/glsa/201701-42
Third Party Advisory
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc
Third Party Advisory