Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2014-0237

Опубликовано: 29 мая 2014
Источник: redhat
CVSS2: 4.3
EPSS Средний

Описание

The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls.

A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.

Отчет

This issue did not affect the php and the file packages as shipped with Red Hat Enterprise Linux 5. This issue affects the versions of file as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5cdrtoolsNot affected
Red Hat Enterprise Linux 5fileNot affected
Red Hat Enterprise Linux 5phpNot affected
Red Hat Enterprise Linux 5rpmNot affected
Red Hat Enterprise Linux 5php53FixedRHSA-2014:101206.08.2014
Red Hat Enterprise Linux 6phpFixedRHSA-2014:101206.08.2014
Red Hat Enterprise Linux 6fileFixedRHSA-2014:160613.10.2014
Red Hat Enterprise Linux 7phpFixedRHSA-2014:101306.08.2014
Red Hat Enterprise Linux 7fileFixedRHSA-2015:215519.11.2015
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6php54-phpFixedRHSA-2014:176530.10.2014

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-407
https://bugzilla.redhat.com/show_bug.cgi?id=1098193file: cdf_unpack_summary_info() excessive looping DoS

EPSS

Процентиль: 98%
0.50629
Средний

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2014-0237

ubuntu
около 11 лет назад

The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls.

nvd логотип

CVE-2014-0237

nvd
около 11 лет назад

The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls.

debian логотип

CVE-2014-0237

debian
около 11 лет назад

The cdf_unpack_summary_info function in cdf.c in the Fileinfo componen ...

github логотип

GHSA-9f63-6gmg-2983

github
около 3 лет назад

The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls.

fstec логотип

BDU:2015-00088

fstec
около 11 лет назад

Уязвимость интерпретатора PHP, позволяющая удаленному злоумышленнику вызвать отказ в обслуживании

EPSS

Процентиль: 98%
0.50629
Средний

4.3 Medium

CVSS2

Уязвимость CVE-2014-0237