Lucene search

K
nvd[email protected]NVD:CVE-2014-9653
HistoryMar 30, 2015 - 10:59 a.m.

CVE-2014-9653

2015-03-3010:59:03
CWE-20
web.nvd.nist.gov
7

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.5

Confidence

High

EPSS

0.061

Percentile

93.7%

readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file.

Affected configurations

Nvd
Node
file_projectfileRange5.21
Node
phpphpRange5.4.36
OR
phpphpMatch5.5.0
OR
phpphpMatch5.5.0alpha1
OR
phpphpMatch5.5.0alpha2
OR
phpphpMatch5.5.0alpha3
OR
phpphpMatch5.5.0alpha4
OR
phpphpMatch5.5.0alpha5
OR
phpphpMatch5.5.0alpha6
OR
phpphpMatch5.5.0beta1
OR
phpphpMatch5.5.0beta2
OR
phpphpMatch5.5.0beta3
OR
phpphpMatch5.5.0beta4
OR
phpphpMatch5.5.0rc1
OR
phpphpMatch5.5.0rc2
OR
phpphpMatch5.5.1
OR
phpphpMatch5.5.2
OR
phpphpMatch5.5.3
OR
phpphpMatch5.5.4
OR
phpphpMatch5.5.5
OR
phpphpMatch5.5.6
OR
phpphpMatch5.5.7
OR
phpphpMatch5.5.8
OR
phpphpMatch5.5.9
OR
phpphpMatch5.5.10
OR
phpphpMatch5.5.11
OR
phpphpMatch5.5.12
OR
phpphpMatch5.5.13
OR
phpphpMatch5.5.14
OR
phpphpMatch5.5.15
OR
phpphpMatch5.5.16
OR
phpphpMatch5.5.17
OR
phpphpMatch5.5.18
OR
phpphpMatch5.5.19
OR
phpphpMatch5.5.20
OR
phpphpMatch5.6.0alpha1
OR
phpphpMatch5.6.0alpha2
OR
phpphpMatch5.6.0alpha3
OR
phpphpMatch5.6.0alpha4
OR
phpphpMatch5.6.0alpha5
OR
phpphpMatch5.6.0beta1
OR
phpphpMatch5.6.0beta2
OR
phpphpMatch5.6.0beta3
OR
phpphpMatch5.6.0beta4
OR
phpphpMatch5.6.1
OR
phpphpMatch5.6.2
OR
phpphpMatch5.6.3
OR
phpphpMatch5.6.4
Node
debiandebian_linuxMatch7.0
VendorProductVersionCPE
file_projectfile*cpe:2.3:a:file_project:file:*:*:*:*:*:*:*:*
phpphp*cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
phpphp5.5.0cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*
phpphp5.5.0cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*
phpphp5.5.0cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*
phpphp5.5.0cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*
phpphp5.5.0cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*
phpphp5.5.0cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*
phpphp5.5.0cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*
phpphp5.5.0cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*
Rows per page:
1-10 of 491

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.5

Confidence

High

EPSS

0.061

Percentile

93.7%