CVE-2014-3538

Published: 27 Jun 2014
Source: redhat
CVSS2: 4.3
EPSS: Medium

Description

file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345.

Multiple flaws were found in the File Information (fileinfo) extension regular expression rules for detecting various files. A remote attacker could use either of these flaws to cause a PHP application using fileinfo to consume an excessive amount of CPU.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | cdrtools | Not affected | | |
| Red Hat Enterprise Linux 5 | file | Not affected | | |
| Red Hat Enterprise Linux 5 | php | Not affected | | |
| Red Hat Enterprise Linux 5 | php53 | Not affected | | |
| Red Hat Enterprise Linux 5 | rpm | Not affected | | |
| Red Hat Enterprise Linux 6 | php | Not affected | | |
| Red Hat Enterprise Linux 6 | file | Fixed | RHSA-2016:0760 | 10.05.2016 |
| Red Hat Enterprise Linux 7 | php | Fixed | RHSA-2014:1327 | 30.09.2014 |
| Red Hat Enterprise Linux 7 | file | Fixed | RHSA-2015:2155 | 19.11.2015 |
| Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 | php54-php | Fixed | RHSA-2014:1765 | 30.10.2014 |


Additional information

Status: Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=1098222 (file: unrestricted regular expression matching)

EPSS: 0.1025 (percentile: 93%, Medium)

CVSS2: 4.3 Medium

Related vulnerabilities

ubuntu
more than 11 years ago

file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345.

nvd
more than 11 years ago

file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345.

debian
more than 11 years ago

file before 5.19 does not properly restrict the amount of data read du ...

github
more than 3 years ago

file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345.

fstec
about 11 years ago

A vulnerability in PHP software that allows a remote attacker to compromise the availability of protected information
