CVE-2014-3538

Severity

50%

Complexity

99%

Confidentiality

48%

file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345.

file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

Type

Christos Zoulas file

First reported 10 years ago

2014-07-03 14:55:00

Last updated 7 years ago

2018-01-05 02:29:00

Affected Software

Christos Zoulas file 5.00

5.00

Christos Zoulas file 5.01

5.01

Christos Zoulas file 5.02

5.02

Christos Zoulas file 5.03

5.03

Christos Zoulas file 5.04

5.04

Christos Zoulas file 5.05

5.05

Christos Zoulas file 5.06

5.06

Christos Zoulas file 5.07

5.07

Christos Zoulas file 5.08

5.08

Christos Zoulas file 5.09

5.09

Christos Zoulas file 5.10

5.10

Christos Zoulas file 5.11

5.11

Christos Zoulas file 5.12

5.12

Christos Zoulas file 5.13

5.13

Christos Zoulas file 5.14

5.14

Christos Zoulas file 5.15

5.15

Christos Zoulas file 5.16

5.16

Christos Zoulas file 5.17

5.17

References

APPLE-SA-2015-04-08-2

[file] 20140612 file-5.19 is now available

[oss-security] 20140630 changing CVE ID for RH Bugzilla 1098222 (from CVE-2014-0235)

RHSA-2014:1327

RHSA-2014:1765

RHSA-2014:1766

RHSA-2016:0760

60696

DSA-3008

DSA-3021

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

68348

https://bugzilla.redhat.com/show_bug.cgi?id=1098222

https://github.com/file/file/commit/4a284c89d6ef11aca34da65da7d673050a5ea320

Exploit, Patch

https://github.com/file/file/commit/69a5a43b3b71f53b0577f41264a073f495799610

Patch

https://github.com/file/file/commit/71a8b6c0d758acb0f73e2e51421a711b5e9d6668

Exploit, Patch

https://github.com/file/file/commit/74cafd7de9ec99a14f4480927580e501c8f852c3

Exploit, Patch

https://github.com/file/file/commit/758e066df72fb1ac08d2eea91ddc3973d259e991

Exploit, Patch

https://support.apple.com/HT204659

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.