CVE-2014-3538
file: unrestricted regular expression matching
Descriptions
file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345.
Multiple flaws were found in the File Information (fileinfo) extension regular expression rules for detecting various files. A remote attacker could use either of these flaws to cause a PHP application using fileinfo to consume an excessive amount of CPU.
Timeline
- 2014-05-14 CVE Reserved
- 2014-07-03 CVE Published
- 2024-02-13 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-399: Resource Management Errors
References (23)
URL | Tag | Source |
---|---|---|
http://mx.gw.com/pipermail/file/2014/001553.html | Broken Link | |
http://openwall.com/lists/oss-security/2014/06/30/7 | Mailing List | |
http://secunia.com/advisories/60696 | Third Party Advisory | |
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html | Third Party Advisory | |
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | Third Party Advisory | |
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html | Third Party Advisory | |
http://www.securityfocus.com/bid/68348 | Third Party Advisory | |
https://support.apple.com/HT204659 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | 2023-01-19 | |
https://github.com/file/file/commit/69a5a43b3b71f53b0577f41264a073f495799610 | 2023-01-19 |
URL | Date | SRC |
---|---|---|
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html | 2023-01-19 | |
http://rhn.redhat.com/errata/RHSA-2014-1327.html | 2023-01-19 | |
http://rhn.redhat.com/errata/RHSA-2014-1765.html | 2023-01-19 | |
http://rhn.redhat.com/errata/RHSA-2014-1766.html | 2023-01-19 | |
http://rhn.redhat.com/errata/RHSA-2016-0760.html | 2023-01-19 | |
http://www.debian.org/security/2014/dsa-3008 | 2023-01-19 | |
http://www.debian.org/security/2014/dsa-3021 | 2023-01-19 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1098222 | 2016-05-10 | |
https://access.redhat.com/security/cve/CVE-2014-3538 | 2016-05-10 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Christos Zoulas | File | <= 5.18 | - | Affected |
Christos Zoulas | File | 5.00 | - | Affected |
Christos Zoulas | File | 5.01 | - | Affected |
Christos Zoulas | File | 5.02 | - | Affected |
Christos Zoulas | File | 5.03 | - | Affected |
Christos Zoulas | File | 5.04 | - | Affected |
Christos Zoulas | File | 5.05 | - | Affected |
Christos Zoulas | File | 5.06 | - | Affected |
Christos Zoulas | File | 5.07 | - | Affected |
Christos Zoulas | File | 5.08 | - | Affected |
Christos Zoulas | File | 5.09 | - | Affected |
Christos Zoulas | File | 5.10 | - | Affected |
Christos Zoulas | File | 5.11 | - | Affected |
Christos Zoulas | File | 5.12 | - | Affected |
Christos Zoulas | File | 5.13 | - | Affected |
Christos Zoulas | File | 5.14 | - | Affected |
Christos Zoulas | File | 5.15 | - | Affected |
Christos Zoulas | File | 5.16 | - | Affected |
Christos Zoulas | File | 5.17 | - | Affected |
Php | Php | >= 5.4.0 < 5.4.32 | - | Affected |
Php | Php | >= 5.5.0 < 5.5.16 | - | Affected |
Debian | Debian Linux | 7.0 | - | Affected |
Debian | Debian Linux | 8.0 | - | Affected |