
CVE-2013-7345

Published: 24 Mar 2014
Source: debian
EPSS: Low

Description

The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters.

Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| file | fixed | 1:5.17-0.1 | | package |
| php5 | fixed | 5.6.0+dfsg-1 | | package |
| php5 | not-affected | | squeeze | package |

Notes

  • http://bugs.gw.com/view.php?id=164

  • fixed in commit ef2329cf71acb59204dd981e2c6cce6c81fe467c

  • Wheezy's php5 is vulnerable in 5.4.4-14+deb7u14. Verified by rebuilding magic.mgc out of ext/fileinfo/data_info.c and "strings magic.mgc |grep BEGIN" returns "^\s*BEGIN\s*[{]". Same test in squeeze does not report the problematic string.

  • Good fix is to regenerate the file with "php5 create_data_file.php /usr/share/file/magic.mgc > data_info.c" once you have a fixed libmagic1 installed.

  • fixed by php5 5.4.27 so DSA 3064-1 also fixed it in Wheezy

EPSS

Percentile: 80%
0.01525
Low

Related vulnerabilities

ubuntu
more than 11 years ago

The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters.

redhat
more than 13 years ago

The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters.

nvd
more than 11 years ago

The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters.

github
about 3 years ago

The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters.

fstec
almost 11 years ago

Vulnerability in the Gentoo Linux operating system that allows a remote attacker to compromise the availability of protected information
