Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2013-7345
HistoryMar 24, 2014 - 4:31 p.m.

CVE-2013-7345

2014-03-2416:31:08
[email protected]
web.nvd.nist.gov
10

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.1

Confidence

Low

EPSS

0.004

Percentile

74.8%

JSON

The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters.

Affected configurations

Nvd
Node
christos_zoulasfileRange<5.15
Node
phpphpRange5.4.05.4.27
OR
phpphpRange5.5.05.5.11
Node
debiandebian_linuxMatch6.0
OR
debiandebian_linuxMatch7.0
OR
debiandebian_linuxMatch8.0
VendorProductVersionCPE
christos_zoulasfile*cpe:2.3:a:christos_zoulas:file:*:*:*:*:*:*:*:*
phpphp*cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
debiandebian_linux6.0cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
debiandebian_linux7.0cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
debiandebian_linux8.0cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Related

amazon 6
openvas 35
nessus 37
mageia 4
prion 2
gentoo 2
f5 2
slackware 1
cvelist 2
cve 2
debiancve 2
securityvulns 4
ubuntucve 2
nvd 1
veracode 4
fedora 6
freebsd 1
osv 3
freebsd_advisory 1
debian 5
ubuntu 1
redhat 2
oraclelinux 3
centos 1
amazon
amazon
Medium: php54
2014-04-25 16:04:00
Medium: file
2014-04-10 23:55:00
Medium: php54
2014-05-21 10:40:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2014-332)
2015-09-08 00:00:00
Gentoo Security Advisory GLSA 201408-08
2015-09-29 00:00:00
Amazon Linux: Security Advisory (ALAS-2014-343)
2015-09-08 00:00:00
nessus
nessus
openSUSE Security Update : file (openSUSE-SU-2014:0481-1)
2014-06-13 00:00:00
Fedora 20 : file-5.14-20.fc20 (2014-4340)
2014-03-27 00:00:00
Fedora 19 : php-5.5.11-1.fc19 (2014-4735)
2014-04-16 00:00:00
mageia
mageia
Updated file packages fix security vulnerabilities
2014-03-31 23:34:34
Updated php packages fix security vulnerability
2014-04-18 00:20:35
Updated file packages fix security vulnerability
2014-08-06 00:08:48
prion
prion
Design/Logic Flaw
2014-03-24 16:31:00
Design/Logic Flaw
2014-07-03 14:55:00
gentoo
gentoo
file: Denial of service
2014-08-26 00:00:00
PHP: Multiple vulnerabilities
2014-08-29 00:00:00
f5
f5
K15303 : PHP vulnerability CVE-2013-7345
2014-06-05 00:00:00
SOL15303 - PHP vulnerability CVE-2013-7345
2014-06-05 00:00:00
slackware
slackware
[slackware-security] php
2014-04-21 21:13:00
cvelist
cvelist
CVE-2013-7345
2014-03-23 15:00:00
CVE-2014-3538
2014-07-03 14:00:00
cve
cve
CVE-2013-7345
2014-03-24 16:31:08
CVE-2014-3538
2014-07-03 14:55:07
debiancve
debiancve
CVE-2013-7345
2014-03-24 16:31:08
CVE-2014-3538
2014-07-03 14:55:07
securityvulns
securityvulns
[slackware-security] php &#40;SSA:2014-111-02&#41;
2014-05-04 00:00:00
file utility / libmagic / PHP DoS
2014-05-04 00:00:00
APPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update 2014-004
2014-09-21 00:00:00
ubuntucve
ubuntucve
CVE-2013-7345
2014-03-24 00:00:00
CVE-2014-3538
2014-07-03 00:00:00
nvd
nvd
CVE-2014-3538
2014-07-03 14:55:07
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:11:28
Denial Of Service (DoS)
2019-05-02 05:04:17
Denial Of Service (DoS)
2019-05-02 05:04:16
fedora
fedora
[SECURITY] Fedora 20 Update: php-5.5.11-1.fc20
2014-04-15 15:57:56
[SECURITY] Fedora 20 Update: file-5.14-20.fc20
2014-03-27 04:52:02
[SECURITY] Fedora 20 Update: file-5.19-7.fc20
2014-10-29 11:03:54
freebsd
freebsd
FreeBSD -- Multiple vulnerabilities in file(1) and libmagic(3)
2014-06-24 00:00:00
osv
osv
php5 - security update
2014-11-04 00:00:00
php5 - security update
2014-09-30 00:00:00
php5 - security update
2014-08-21 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-14:16.file
2014-06-24 00:00:00
debian
debian
[SECURITY] [DLA 67-1] php5 security update
2014-09-30 07:41:52
[SECURITY] [DSA 3008-1] php5 security update
2014-08-21 06:22:21
[SECURITY] [DSA 3008-2] php5 regression update
2014-08-21 12:39:59
ubuntu
ubuntu
file vulnerabilities
2014-07-15 00:00:00
redhat
redhat
(RHSA-2014:1013) Moderate: php security update
2014-08-06 00:00:00
(RHSA-2014:1765) Important: php54-php security update
2014-10-30 00:00:00
oraclelinux
oraclelinux
php security update
2014-08-06 00:00:00
php security update
2014-09-30 00:00:00
php security and bug fix update
2015-06-23 00:00:00
centos
centos
php security update
2014-08-06 14:38:20

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.1

Confidence

Low

EPSS

0.004

Percentile

74.8%

JSON
Related for NVD:CVE-2013-7345
amazon6openvas35nessus37mageia4prion2gentoo2f52slackware1cvelist2cve2debiancve2securityvulns4ubuntucve2nvd1veracode4fedora6freebsd1osv3freebsd_advisory1debian5ubuntu1redhat2oraclelinux3centos1