CVE-2014-3538

2014-07-0300:00:00

ubuntu.com

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.018 Low

EPSS

Percentile

87.9%

JSON

file before 5.19 does not properly restrict the amount of data read during
a regex search, which allows remote attackers to cause a denial of service
(CPU consumption) via a crafted file that triggers backtracking during
processing of an awk rule. NOTE: this vulnerability exists because of an
incomplete fix for CVE-2013-7345.

Notes

Author	Note
mdeslaur	This fix introduces new functionnality and is too intrusive to backport to lucid.

OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchfile< 5.09-2ubuntu0.4UNKNOWN
ubuntu13.10noarchfile< 5.11-2ubuntu4.3UNKNOWN
ubuntu14.04noarchfile< 1:5.14-2ubuntu3.1UNKNOWN