CVE-2014-8116

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities.

References

http://advisories.mageia.org/MGASA-2015-0040.html

http://rhn.redhat.com/errata/RHSA-2016-0760.html

http://seclists.org/oss-sec/2014/q4/1056

http://secunia.com/advisories/61944

http://secunia.com/advisories/62081

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

http://www.securityfocus.com/bid/71700

http://www.securitytracker.com/id/1031344

http://www.ubuntu.com/usn/USN-2494-1

https://github.com/file/file/blob/00cef282a902a4a6709bbbbb933ee397768caa38/ChangeLog

https://github.com/file/file/commit/b4c01141e5367f247b84dcaf6aefbb4e741842b8

https://github.com/file/file/commit/d7cdad007c507e6c79f51f058dd77fab70ceb9f6

https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc

Details

Source: MITRE

Published: 2014-12-17

Updated: 2018-01-05

Type: CWE-399

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:file_project:file:5.20:*:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*

Tenable Plugins

View all (23 total)

IDNameProductFamilySeverity
106092SUSE SLES12 Security Update : CaaS Platform 2.0 images (SUSE-SU-2018:0053-1)NessusSuSE Local Security Checks
critical
104777SUSE SLED12 / SLES12 Security Update : file (SUSE-SU-2017:3048-1)NessusSuSE Local Security Checks
high
104764openSUSE Security Update : file (openSUSE-2017-1298)NessusSuSE Local Security Checks
high
97420F5 Networks BIG-IP : Linux file utility vulnerabilities (K16347)NessusF5 Networks Local Security Checks
medium
91537Scientific Linux Security Update : file on SL6.x i386/x86_64 (20160510)NessusScientific Linux Local Security Checks
high
91167CentOS 6 : file (CESA-2016:0760)NessusCentOS Local Security Checks
high
91155OracleVM 3.3 / 3.4 : file (OVMSA-2016-0050)NessusOracleVM Local Security Checks
high
91149Oracle Linux 6 : file (ELSA-2016-0760)NessusOracle Linux Local Security Checks
high
91074RHEL 6 : file (RHSA-2016:0760)NessusRed Hat Local Security Checks
high
87555Scientific Linux Security Update : file on SL7.x x86_64 (20151119)NessusScientific Linux Local Security Checks
high
87137CentOS 7 : file (CESA-2015:2155)NessusCentOS Local Security Checks
high
87027Oracle Linux 7 : file (ELSA-2015-2155)NessusOracle Linux Local Security Checks
high
86973RHEL 7 : file (RHSA-2015:2155)NessusRed Hat Local Security Checks
high
83657SUSE SLED12 / SLES12 Security Update : file (SUSE-SU-2014:1730-1)NessusSuSE Local Security Checks
medium
82333Mandriva Linux Security Advisory : php (MDVSA-2015:080)NessusMandriva Local Security Checks
high
82114Debian DLA-131-1 : file security updateNessusDebian Local Security Checks
medium
82046Amazon Linux AMI : file (ALAS-2015-497)NessusAmazon Linux Local Security Checks
high
81394Fedora 21 : file-5.22-2.fc21 (2015-2020)NessusFedora Local Security Checks
high
81178Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : file vulnerabilities (USN-2494-1)NessusUbuntu Local Security Checks
medium
80429Mandriva Linux Security Advisory : file (MDVSA-2015:010)NessusMandriva Local Security Checks
medium
80420Debian DSA-3121-1 : file - security updateNessusDebian Local Security Checks
medium
80351FreeBSD : file -- multiple vulnerabilities (9575259a-92d5-11e4-bce6-d050992ecde8)NessusFreeBSD Local Security Checks
medium
80277openSUSE Security Update : file (openSUSE-SU-2014:1720-1)NessusSuSE Local Security Checks
medium