Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2014-1943

Опубликовано: 10 фев. 2014
Источник: redhat
CVSS2: 4.3
EPSS Средний

Описание

Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.

A denial of service flaw was found in the way the File Information (fileinfo) extension handled indirect rules. A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU.

Отчет

This issue did not affect the php packages as shipped with Red Hat Enterprise Linux 5. This issue did not affect the php packages as shipped with Red Hat Enterprise Linux 7.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5cdrtoolsNot affected
Red Hat Enterprise Linux 5fileNot affected
Red Hat Enterprise Linux 5phpNot affected
Red Hat Enterprise Linux 5rpmNot affected
Red Hat Enterprise Linux 7fileNot affected
Red Hat Enterprise Linux 7phpNot affected
Red Hat Software Collectionsphp55-phpAffected
Red Hat Enterprise Linux 5php53FixedRHSA-2014:101206.08.2014
Red Hat Enterprise Linux 6phpFixedRHSA-2014:101206.08.2014
Red Hat Enterprise Linux 6fileFixedRHSA-2014:160613.10.2014

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-835
https://bugzilla.redhat.com/show_bug.cgi?id=1065836file: unrestricted recursion in handling of indirect type rules

EPSS

Процентиль: 96%
0.29124
Средний

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2014-1943

ubuntu
больше 11 лет назад

Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.

nvd логотип

CVE-2014-1943

nvd
больше 11 лет назад

Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.

debian логотип

CVE-2014-1943

debian
больше 11 лет назад

Fine Free file before 5.17 allows context-dependent attackers to cause ...

github логотип

GHSA-2r4w-c5qm-vpx8

github
около 3 лет назад

Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.

fstec логотип

BDU:2015-09765

fstec
больше 11 лет назад

Уязвимость операционной системы Gentoo Linux, позволяющая удаленному злоумышленнику нарушить доступность защищаемой информации

EPSS

Процентиль: 96%
0.29124
Средний

4.3 Medium

CVSS2