CVE-2014-3710

Опубликовано: 22 окт. 2014

Источник: redhat

CVSS2: 4.3

Описание

The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.

An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	file	Will not fix
Red Hat Enterprise Linux 5	php	Not affected
Red Hat Enterprise Linux 5	php53	Fixed	RHSA-2014:1768	30.10.2014
Red Hat Enterprise Linux 6	php	Fixed	RHSA-2014:1767	30.10.2014
Red Hat Enterprise Linux 6	file	Fixed	RHSA-2016:0760	10.05.2016
Red Hat Enterprise Linux 7	php	Fixed	RHSA-2014:1767	30.10.2014
Red Hat Enterprise Linux 7	file	Fixed	RHSA-2015:2155	19.11.2015
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6	php54-php	Fixed	RHSA-2014:1765	30.10.2014
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6	php55-php	Fixed	RHSA-2014:1766	30.10.2014
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS	php54-php	Fixed	RHSA-2014:1765	30.10.2014