CVE-2014-2270

Опубликовано: 20 дек. 2013

Источник: redhat

CVSS2: 4.3

Описание

softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.

A denial of service flaw was found in the way the File Information (fileinfo) extension handled search rules. A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU.

Отчет

This issue did not affect the php packages as shipped with Red Hat Enterprise Linux 5. This issue did not affect the php packages as shipped with Red Hat Enterprise Linux 7.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	cdrtools	Will not fix
Red Hat Enterprise Linux 5	file	Affected
Red Hat Enterprise Linux 5	php	Not affected
Red Hat Enterprise Linux 5	rpm	Will not fix
Red Hat Enterprise Linux 7	file	Not affected
Red Hat Enterprise Linux 7	php	Not affected
Red Hat Software Collections	php55-php	Affected
Red Hat Enterprise Linux 5	php53	Fixed	RHSA-2014:1012	06.08.2014
Red Hat Enterprise Linux 6	php	Fixed	RHSA-2014:1012	06.08.2014
Red Hat Enterprise Linux 6	file	Fixed	RHSA-2014:1606	13.10.2014

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-190->CWE-125

https://bugzilla.redhat.com/show_bug.cgi?id=1072220file: out-of-bounds access in search rules with offsets from input file

4.3 Medium

CVSS2

Связанные уязвимости

CVE-2014-2270

ubuntu

больше 11 лет назад

CVE-2014-2270

nvd

больше 11 лет назад

CVE-2014-2270

debian

больше 11 лет назад

softmagic.c in file before 5.17 and libmagic allows context-dependent ...

GHSA-33vf-9722-2226

github

около 3 лет назад

ELSA-2014-1606

oracle-oval

больше 10 лет назад

ELSA-2014-1606: file security and bug fix update (MODERATE)

4.3 Medium

CVSS2