CVSS: 5.0EPSS: 1%CPEs: 23EXPL: 4CVE-2014-3538 – file: unrestricted regular expression matching
https://notcve.org/view.php?id=CVE-2014-3538
file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345. file anterior a 5.19 no restringe debidamente la cantidad de datos leídos durante una búsqueda regex, lo que permite a atacantes remotos causar una denegación de servicio (consumo de CPU) a través de un fichero manipulado que provoca un retroceso durante el procesamiento de una norma awk. NOTA: esta vulnerabilidad existe debido a una soluciona incompleta para CVE-2013-7345. Multiple flaws were found in the File Information (fileinfo) extension regular expression rules for detecting various files. A remote attacker could use either of these flaws to cause a PHP application using fileinfo to consume an excessive amount of CPU. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://mx.gw.com/pipermail/file/2014/001553.html http://openwall.com/lists/oss-security/2014/06/30/7 http://rhn.redhat.com/errata/RHSA-2014-1327.html http://rhn.redhat.com/errata/RHSA-2014-1765.html http://rhn.redhat.com/errata/RHSA-2014-1766.html http://rhn.redhat.com/errata/RHSA-2016-0760.html http://secunia.com/advisories/60696 http://www.debian.org/security/2014/dsa-3008 http:/ • CWE-399: Resource Management Errors •
CVSS: 5.1EPSS: 94%CPEs: 14EXPL: 0CVE-2014-4049 – php: heap-based buffer overflow in DNS TXT record parsing
https://notcve.org/view.php?id=CVE-2014-4049
Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function. Desbordamiento de buffer basado en memoria dinámica en la función php_parserr en ext/standard/dns.c en PHP 5.6.0beta4 y anteriores permite a servidores remotos causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un registro DNS TXT manipulado, relacionado con la función dns_get_record. A heap-based buffer overflow flaw was found in the way PHP parsed DNS TXT records. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application used the dns_get_record() function to perform a DNS query. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.html http://lists.opensuse.org/opensuse-updates/2014-06/msg00051.html http://lists.opensuse.org/opensuse-updates/2014-07/msg00032.html http://marc.info/?l=bugtraq&m=141017844705317&w=2 http://rhn.redhat.com/errata/RHSA-2014-1765.html http://rhn.redhat.com/errata/RHSA- • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3981
https://notcve.org/view.php?id=CVE-2014-3981
acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file. acinclude.m4, utilizado en la secuencia de comandos de configuración en PHP 5.5.13 y anteriores, permite a usuarios locales sobrescribir archivos arbitrarios a través de un ataque de enlace simbólico sobre el archivo /tmp/phpglibccheck. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=91bcadd85e20e50d3f8c2e9721327681640e6f16 http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://marc.info/?l=bugtraq&m=141017844705317&w=2 http://marc.info/?l=bugtraq&m=141390017113542&w=2 http://openwall.com/lists/oss-security/2014/06/06/12 http://seclists.org/fulldisclosure/2014/Jun/21 http://support.apple.com/kb/HT6443 http://www-01.ibm.com/support/docview.wss?uid=swg21683486 http://www.oracl • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.0EPSS: 4%CPEs: 5EXPL: 0CVE-2014-0237 – file: cdf_unpack_summary_info() excessive looping DoS
https://notcve.org/view.php?id=CVE-2014-0237
The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls. La función cdf_unpack_summary_info en cdf.c en el componente Fileinfo en PHP anterior a 5.4.29 y 5.5.x anterior a 5.5.13 permite a atacantes remotos causar una denegación de servicio (degradación de rendimiento) mediante la provocación de muchas llamadas file_printf. A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.html http://rhn.redhat.com/errata/RHSA-2014-1765.html http://rhn.redhat.com/errata/RHSA-2014-1766.html http://secunia.com/advisories/59061 http://secunia.com/advisories/59329 http://secunia.com/advisories/59418 http://secunia.com/advisories/60998 http://support.apple.com/kb/HT6443 http://www-01.ibm.com/support/docview.wss?uid=swg21 • CWE-399: Resource Management Errors CWE-407: Inefficient Algorithmic Complexity •
CVSS: 5.0EPSS: 10%CPEs: 5EXPL: 0CVE-2014-0238 – file: CDF property info parsing nelements infinite loop
https://notcve.org/view.php?id=CVE-2014-0238
The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long. La función cdf_read_property_info en cdf.c en el componente Fileinfo en PHP anterior a 5.4.29 y 5.5.x anterior a 5.5.13 permite a atacantes remotos causar una denegación de servicio (bucle infinito o acceso a memoria fuera de rango) a través de un vector que (1) tiene longitud cero o (2) es demasiado largo. A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.html http://rhn.redhat.com/errata/RHSA-2014-1765.html http://rhn.redhat.com/errata/RHSA-2014-1766.html http://secunia.com/advisories/59061 http://secunia.com/advisories/59329 http://secunia.com/advisories/59418 http://secunia.com/advisories/60998 http://support.apple.com/kb/HT6443 http://www-01.ibm.com/support/docview.wss?uid=swg21 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •