CVE-2014-3538

Published: 03/07/2014 Updated: 19/01/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

file prior to 5.19 does not properly restrict the amount of data read during a regex search, which allows remote malicious users to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345.

Vulnerable Product

christos zoulas file 5.00

christos zoulas file 5.04

christos zoulas file 5.10

christos zoulas file 5.07

christos zoulas file 5.02

christos zoulas file 5.03

christos zoulas file 5.11

christos zoulas file 5.16

christos zoulas file 5.12

christos zoulas file 5.17

christos zoulas file 5.05

christos zoulas file 5.13

christos zoulas file

christos zoulas file 5.14

christos zoulas file 5.01

christos zoulas file 5.08

christos zoulas file 5.06

christos zoulas file 5.15

christos zoulas file 5.09

php php

debian debian linux 8.0

debian debian linux 7.0

Vendor Advisories

Synopsis: Moderate: file security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: Updated file packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Commo ...
Debian Bug report logs - #783099 php5: CVE-2015-4604 CVE-2015-4605. Package: src:php5; Maintainer for src:php5 is Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>; Reported by: Henri Salo <henri@nerv.fi>. Date: Wed, 22 Apr 2015 08:39:01 UTC. Severity: grave. Tags: fixed-upstream, security, upstream. Merged w ...
File could be made to crash or hang if it processed specially crafted data ...
Multiple security issues have been found in file, a tool to determine a file type. These vulnerabilities allow remote attackers to cause a denial of service, via resource consumption or application crash. For the stable distribution (wheezy), these problems have been fixed in version 5.11-2+deb7u4. For the testing distribution (jessie), these probl ...
Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-3538: It was discovered that the original fix for CVE-2013-7345 did not sufficiently address the problem. A remote attacke ...
A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the F ...
Multiple flaws were found in the File Information (fileinfo) extension regular expression rules for detecting various files. A remote attacker could use either of these flaws to cause a PHP application using fileinfo to consume an excessive amount of CPU ...