CVE-2014-9620

Опубликовано: 03 янв. 2015

Источник: redhat

CVSS2: 1.9

EPSS Низкий

Описание

The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes.

A flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	cdrtools	Not affected
Red Hat Enterprise Linux 5	file	Will not fix
Red Hat Enterprise Linux 5	php53	Not affected
Red Hat Enterprise Linux 5	rpm	Will not fix
Red Hat Enterprise Linux 6	php	Not affected
Red Hat Enterprise Linux 7	file	Will not fix
Red Hat Enterprise Linux 7	php	Not affected
Red Hat Software Collections	php54-php	Not affected
Red Hat Software Collections	php55-php	Not affected
Red Hat Software Collections	rh-php56-php	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-770

https://bugzilla.redhat.com/show_bug.cgi?id=1180639file: limit the number of ELF notes processed

EPSS

Процентиль: 86%

0.03175

Низкий

1.9 Low

CVSS2

Связанные уязвимости

CVE-2014-9620

ubuntu

больше 10 лет назад

The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes.

CVE-2014-9620

nvd

больше 10 лет назад

The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes.

CVE-2014-9620

debian

больше 10 лет назад

The ELF parser in file 5.08 through 5.21 allows remote attackers to ca ...

GHSA-7ffm-2w4x-4wm5

github

около 3 лет назад

The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes.

openSUSE-SU-2017:3067-1

suse-cvrf

больше 7 лет назад

Security update for file

EPSS

Процентиль: 86%

0.03175

Низкий

1.9 Low

CVSS2