CVE-2014-3710

MEDIUM

Description

The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.

References

http://git.php.net/?p=php-src.git;a=commit;h=1803228597e82218a8c105e67975bc50e6f5bf0d

http://linux.oracle.com/errata/ELSA-2014-1767.html

http://linux.oracle.com/errata/ELSA-2014-1768.html

http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html

http://lists.opensuse.org/opensuse-updates/2014-11/msg00113.html

http://rhn.redhat.com/errata/RHSA-2014-1765.html

http://rhn.redhat.com/errata/RHSA-2014-1766.html

http://rhn.redhat.com/errata/RHSA-2014-1767.html

http://rhn.redhat.com/errata/RHSA-2014-1768.html

http://rhn.redhat.com/errata/RHSA-2016-0760.html

http://secunia.com/advisories/60630

http://secunia.com/advisories/60699

http://secunia.com/advisories/61763

http://secunia.com/advisories/61970

http://secunia.com/advisories/61982

http://secunia.com/advisories/62347

http://secunia.com/advisories/62559

http://www.debian.org/security/2014/dsa-3072

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

http://www.securityfocus.com/bid/70807

http://www.securitytracker.com/id/1031344

http://www.ubuntu.com/usn/USN-2391-1

http://www.ubuntu.com/usn/USN-2494-1

https://bugs.php.net/bug.php?id=68283

https://bugzilla.redhat.com/show_bug.cgi?id=1155071

https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0

https://security.gentoo.org/glsa/201503-03

https://security.gentoo.org/glsa/201701-42

https://support.apple.com/HT204659

https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc

Details

Source: MITRE

Published: 2014-11-05

Updated: 2018-01-05

Type: CWE-20

Risk Information

CVSS v2.0

Base Score: 5

Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM