Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2013-7345

Опубликовано: 31 дек. 2011
Источник: redhat
CVSS2: 4.3
EPSS Низкий

Описание

The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters.

A denial of service flaw was found in the File Information (fileinfo) extension rules for detecting AWK files. A remote attacker could use this flaw to cause a PHP application using fileinfo to consume an excessive amount of CPU.

Отчет

This issue did not affect the versions of file as shipped with Red Hat Enterprise Linux 5, 6, and 7, the versions of php as shipped with Red Hat Enterprise Linux 5 and 6, and the versions of php53 as shipped with Red Hat Enterprise Linux 5.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5cdrtoolsNot affected
Red Hat Enterprise Linux 5fileNot affected
Red Hat Enterprise Linux 5phpNot affected
Red Hat Enterprise Linux 5php53Not affected
Red Hat Enterprise Linux 5rpmNot affected
Red Hat Enterprise Linux 6fileNot affected
Red Hat Enterprise Linux 6phpNot affected
Red Hat Enterprise Linux 7fileNot affected
Red Hat Software Collectionsphp55-phpAffected
Red Hat Enterprise Linux 7phpFixedRHSA-2014:101306.08.2014

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-407
https://bugzilla.redhat.com/show_bug.cgi?id=1079846file: extensive backtracking in awk rule regular expression

EPSS

Процентиль: 80%
0.01525
Низкий

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2013-7345

ubuntu
больше 11 лет назад

The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters.

nvd логотип

CVE-2013-7345

nvd
больше 11 лет назад

The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters.

debian логотип

CVE-2013-7345

debian
больше 11 лет назад

The BEGIN regular expression in the awk script detector in magic/Magdi ...

github логотип

GHSA-63f8-4qqh-pqqj

github
около 3 лет назад

The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters.

fstec логотип

BDU:2015-09777

fstec
почти 11 лет назад

Уязвимость операционной системы Gentoo Linux, позволяющая удаленному злоумышленнику нарушить доступность защищаемой информации

EPSS

Процентиль: 80%
0.01525
Низкий

4.3 Medium

CVSS2