Lucene search

[email protected]NVD:CVE-2014-3538

HistoryJul 03, 2014 - 2:55 p.m.

CVE-2014-3538

2014-07-0314:55:07

CWE-399

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

7.1

Confidence

High

EPSS

0.018

Percentile

88.1%

JSON

file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345.

Affected configurations

Nvd

Node

christos_zoulasfileRange≤5.18

christos_zoulasfileMatch5.00

christos_zoulasfileMatch5.01

christos_zoulasfileMatch5.02

christos_zoulasfileMatch5.03

christos_zoulasfileMatch5.04

christos_zoulasfileMatch5.05

christos_zoulasfileMatch5.06

christos_zoulasfileMatch5.07

christos_zoulasfileMatch5.08

christos_zoulasfileMatch5.09

christos_zoulasfileMatch5.10

christos_zoulasfileMatch5.11

christos_zoulasfileMatch5.12

christos_zoulasfileMatch5.13

christos_zoulasfileMatch5.14

christos_zoulasfileMatch5.15

christos_zoulasfileMatch5.16

christos_zoulasfileMatch5.17

Node

phpphpRange5.4.0–5.4.32

phpphpRange5.5.0–5.5.16

Node

debiandebian_linuxMatch7.0

debiandebian_linuxMatch8.0

VendorProductVersionCPE
christos_zoulasfile*cpe:2.3:a:christos_zoulas:file:*:*:*:*:*:*:*:*
christos_zoulasfile5.00cpe:2.3:a:christos_zoulas:file:5.00:*:*:*:*:*:*:*
christos_zoulasfile5.01cpe:2.3:a:christos_zoulas:file:5.01:*:*:*:*:*:*:*
christos_zoulasfile5.02cpe:2.3:a:christos_zoulas:file:5.02:*:*:*:*:*:*:*
christos_zoulasfile5.03cpe:2.3:a:christos_zoulas:file:5.03:*:*:*:*:*:*:*
christos_zoulasfile5.04cpe:2.3:a:christos_zoulas:file:5.04:*:*:*:*:*:*:*
christos_zoulasfile5.05cpe:2.3:a:christos_zoulas:file:5.05:*:*:*:*:*:*:*
christos_zoulasfile5.06cpe:2.3:a:christos_zoulas:file:5.06:*:*:*:*:*:*:*
christos_zoulasfile5.07cpe:2.3:a:christos_zoulas:file:5.07:*:*:*:*:*:*:*
christos_zoulasfile5.08cpe:2.3:a:christos_zoulas:file:5.08:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
christos_zoulas	file	*	cpe:2.3:a:christos_zoulas:file::::::::
christos_zoulas	file	5.00	cpe:2.3:a:christos_zoulas:file:5.00:::::::*
christos_zoulas	file	5.01	cpe:2.3:a:christos_zoulas:file:5.01:::::::*
christos_zoulas	file	5.02	cpe:2.3:a:christos_zoulas:file:5.02:::::::*
christos_zoulas	file	5.03	cpe:2.3:a:christos_zoulas:file:5.03:::::::*
christos_zoulas	file	5.04	cpe:2.3:a:christos_zoulas:file:5.04:::::::*
christos_zoulas	file	5.05	cpe:2.3:a:christos_zoulas:file:5.05:::::::*
christos_zoulas	file	5.06	cpe:2.3:a:christos_zoulas:file:5.06:::::::*
christos_zoulas	file	5.07	cpe:2.3:a:christos_zoulas:file:5.07:::::::*
christos_zoulas	file	5.08	cpe:2.3:a:christos_zoulas:file:5.08:::::::*