Launchpad CVE tracker

CVE 2014-3538

file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345.

Related bugs and status

CVE-2014-3538 (Candidate) is related to these bugs:

Bug #1360148: UPDATE REQUEST: php54 5.4.32 is available upstream

Summary				In	Importance	Status
	1360148	UPDATE REQUEST: php54 5.4.32 is available upstream		IUS Community Project	Undecided	Fix Released

Bug #1360150: UPDATE REQUEST: php55u 5.5.16 is available upstream

Summary				In	Importance	Status
	1360150	UPDATE REQUEST: php55u 5.5.16 is available upstream		IUS Community Project	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [file] 20140612 file-5...
MLIST: [oss-security] 2014063...
CONFIRM: https://bugzilla.redha...
CONFIRM: https://github.com/fil...
CONFIRM: https://github.com/fil...
CONFIRM: https://github.com/fil...
CONFIRM: https://github.com/fil...
CONFIRM: https://github.com/fil...
DEBIAN: DSA-3008
REDHAT: RHSA-2014:1327
DEBIAN: DSA-3021
REDHAT: RHSA-2014:1765
REDHAT: RHSA-2014:1766
CONFIRM: https://support.apple....
APPLE: APPLE-SA-2015-04-08-2
CONFIRM: http://www.oracle.com/...
CONFIRM: http://www.oracle.com/...
CONFIRM: http://www.oracle.com/...
BID: 68348
SECUNIA: 60696
CONFIRM: http://www.oracle.com/...
REDHAT: RHSA-2016:0760

Launchpad.net

CVE 2014-3538

Related bugs and status

Related bugs

References