Lucene search

K

[email protected]CVE-2014-3710

HistoryNov 05, 2014 - 11:55 a.m.

CVE-2014-3710

2014-11-0511:55:00

CWE-20

[email protected]

web.nvd.nist.gov

119

6

cve-2014-3710

fileinfo component

php 5.4.34

denial of service

out-of-bounds read

application crash

elf file

nvd

7.8 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.044 Low

EPSS

Percentile

92.3%

The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.

CPENameOperatorVersion
php:phpphplt5.6.3
php:phpphplt5.5.19
php:phpphplt5.4.35
debian:debian_linuxdebian debian linuxeq8.0
debian:debian_linuxdebian debian linuxeq7.0
canonical:ubuntu_linuxcanonical ubuntu linuxeq14.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq14.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq10.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq12.04

References

git.php.net/?p=php-src.git%3Ba=commit%3Bh=1803228597e82218a8c105e67975bc50e6f5bf0d

linux.oracle.com/errata/ELSA-2014-1767.html

linux.oracle.com/errata/ELSA-2014-1768.html

lists.apple.com/archives/security-announce/2015/Apr/msg00001.html

lists.opensuse.org/opensuse-updates/2014-11/msg00113.html

rhn.redhat.com/errata/RHSA-2014-1765.html

rhn.redhat.com/errata/RHSA-2014-1766.html

rhn.redhat.com/errata/RHSA-2014-1767.html

rhn.redhat.com/errata/RHSA-2014-1768.html

rhn.redhat.com/errata/RHSA-2016-0760.html

secunia.com/advisories/60630

secunia.com/advisories/60699

secunia.com/advisories/61763

secunia.com/advisories/61970

secunia.com/advisories/61982

secunia.com/advisories/62347

secunia.com/advisories/62559

www.debian.org/security/2014/dsa-3072

www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

www.securityfocus.com/bid/70807

www.securitytracker.com/id/1031344

www.ubuntu.com/usn/USN-2391-1

www.ubuntu.com/usn/USN-2494-1

bugs.php.net/bug.php?id=68283

bugzilla.redhat.com/show_bug.cgi?id=1155071

github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0

security.gentoo.org/glsa/201503-03

security.gentoo.org/glsa/201701-42

support.apple.com/HT204659

www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc

Social References

More

7.8 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.044 Low

EPSS

Percentile

92.3%

Related for CVE-2014-3710

prion1 nessus43 ubuntucve1 debian4 openvas30 veracode4 mageia2 amazon3 fedora2 f52 debiancve1 osv3 archlinux2 securityvulns6 slackware1 ubuntu2 freebsd_advisory1 freebsd1 oraclelinux5 centos4 redhat6 gentoo2 ibm5