Denial Of Service (DoS) Through Out-of-Bounds Access

2018-08-1318:00:16

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

JSON

libmagic.so is vulnerable to denial of service (DoS) attacks. The library does properly check offsets of a PE Executable file, leading to an out-of-bounds access that can crash the application.

CPENameOperatorVersion
libmagic.soeq1.0.0
php54-phpeq5.4.16__16.el6
php54-phpeq5.4.16__7.el6
php54-phpeq5.4.16__7.el6.1
php53eq5.3.3__13.el5_9.1
php53eq5.3.3__13.el5_8
php53eq5.3.3__22.el5_10
php53eq5.3.3__1.el5_7.6
php53eq5.3.3__7.el5_8
php53eq5.3.3__1.el5_7.5

Name	Operator	Version
libmagic.so	eq	1.0.0
php54-php	eq	5.4.16__16.el6
php54-php	eq	5.4.16__7.el6
php54-php	eq	5.4.16__7.el6.1
php53	eq	5.3.3__13.el5_9.1
php53	eq	5.3.3__13.el5_8
php53	eq	5.3.3__22.el5_10
php53	eq	5.3.3__1.el5_7.6
php53	eq	5.3.3__7.el5_8
php53	eq	5.3.3__1.el5_7.5