CVE-2014-3538

Published Jul 3, 2014

Last updated 2 years ago

Overview

Description: file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345.
Source: secalert@redhat.com
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-399

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:christos_zoulas:file:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FCDEA321-FC13-42AE-9250-0C6055D9B280",
            "versionEndIncluding": "5.18"
          },
          {
            "criteria": "cpe:2.3:a:christos_zoulas:file:5.00:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F6FF256D-3DD4-41A8-B119-D20A493A6EA5"
          },
          {
            "criteria": "cpe:2.3:a:christos_zoulas:file:5.01:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1981126-D773-49B6-BD3D-F17BC37352CC"
          },
          {
            "criteria": "cpe:2.3:a:christos_zoulas:file:5.02:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "00EF31A2-E788-4111-8C46-DB6C8F8724C0"
          },
          {
            "criteria": "cpe:2.3:a:christos_zoulas:file:5.03:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1587EAB1-5322-4264-A7E5-D70DA68F6B80"
          },
          {
            "criteria": "cpe:2.3:a:christos_zoulas:file:5.04:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DC514A20-168F-4653-8BBA-D068ACA3D2E8"
          },
          {
            "criteria": "cpe:2.3:a:christos_zoulas:file:5.05:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE0F4E1A-EA88-4858-9431-E82B2D415FB5"
          },
          {
            "criteria": "cpe:2.3:a:christos_zoulas:file:5.06:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F7D0625D-452F-4CE1-9A5F-6439AB6DE981"
          },
          {
            "criteria": "cpe:2.3:a:christos_zoulas:file:5.07:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ECBFF148-DEAA-4D7C-9CFC-556FEADAB619"
          },
          {
            "criteria": "cpe:2.3:a:christos_zoulas:file:5.08:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C99F7C59-F1C5-4202-A86F-90173D0FCF62"
          },
          {
            "criteria": "cpe:2.3:a:christos_zoulas:file:5.09:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D0AA7E7E-60C1-40BD-AD21-5FDD92485FD2"
          },
          {
            "criteria": "cpe:2.3:a:christos_zoulas:file:5.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA4DBB2C-5C87-42C8-BA3D-FF852C467013"
          },
          {
            "criteria": "cpe:2.3:a:christos_zoulas:file:5.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B513E684-36C2-45D7-A166-3B42018AB79C"
          },
          {
            "criteria": "cpe:2.3:a:christos_zoulas:file:5.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5BBA4D40-EE73-4F38-ABA6-3840A67F097F"
          },
          {
            "criteria": "cpe:2.3:a:christos_zoulas:file:5.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8A647100-18D6-4741-B147-BBA95215BF2E"
          },
          {
            "criteria": "cpe:2.3:a:christos_zoulas:file:5.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A6A554A0-AA80-419E-AEBD-6E659300316C"
          },
          {
            "criteria": "cpe:2.3:a:christos_zoulas:file:5.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "91B2F536-84E5-44A6-B515-2BD68E9906B3"
          },
          {
            "criteria": "cpe:2.3:a:christos_zoulas:file:5.16:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3814C047-D9FF-44E6-94FE-29B3B0F9F53A"
          },
          {
            "criteria": "cpe:2.3:a:christos_zoulas:file:5.17:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B56BEB99-306B-438A-81E4-212AF53D0719"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8CA4B7F2-077A-4430-9C97-B9E4D6702A4E",
            "versionEndExcluding": "5.4.32",
            "versionStartIncluding": "5.4.0"
          },
          {
            "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "41894FC6-A57E-40F1-B05F-24E89B1D7810",
            "versionEndExcluding": "5.5.16",
            "versionStartIncluding": "5.5.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References