CVE - CVE-2014-3538

CVE-ID
CVE-2014-3538	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
APPLE:APPLE-SA-2015-04-08-2 URL:http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html BID:68348 URL:http://www.securityfocus.com/bid/68348 CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1098222 CONFIRM:https://github.com/file/file/commit/4a284c89d6ef11aca34da65da7d673050a5ea320 CONFIRM:https://github.com/file/file/commit/69a5a43b3b71f53b0577f41264a073f495799610 CONFIRM:https://github.com/file/file/commit/71a8b6c0d758acb0f73e2e51421a711b5e9d6668 CONFIRM:https://github.com/file/file/commit/74cafd7de9ec99a14f4480927580e501c8f852c3 CONFIRM:https://github.com/file/file/commit/758e066df72fb1ac08d2eea91ddc3973d259e991 CONFIRM:https://support.apple.com/HT204659 DEBIAN:DSA-3008 URL:http://www.debian.org/security/2014/dsa-3008 DEBIAN:DSA-3021 URL:http://www.debian.org/security/2014/dsa-3021 MLIST:[file] 20140612 file-5.19 is now available URL:http://mx.gw.com/pipermail/file/2014/001553.html MLIST:[oss-security] 20140630 changing CVE ID for RH Bugzilla 1098222 (from CVE-2014-0235) URL:http://openwall.com/lists/oss-security/2014/06/30/7 REDHAT:RHSA-2014:1327 URL:http://rhn.redhat.com/errata/RHSA-2014-1327.html REDHAT:RHSA-2014:1765 URL:http://rhn.redhat.com/errata/RHSA-2014-1765.html REDHAT:RHSA-2014:1766 URL:http://rhn.redhat.com/errata/RHSA-2014-1766.html REDHAT:RHSA-2016:0760 URL:http://rhn.redhat.com/errata/RHSA-2016-0760.html SECUNIA:60696 URL:http://secunia.com/advisories/60696
Assigning CNA
Red Hat, Inc.
Date Record Created
20140514	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20140514)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)