CVE-2014-3538
file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345.
Severity
N/A
EPSS
Exploitation probability (next 30 days): 0.2104 (21.0%)
Percentile: 95.7%
EPSS: 2026-05-06
Affects
- christos_zoulas:file
- php:php
- debian:debian_linux
Published: 3/7/2014, 14:55:07
Last modified: 6/5/2026, 22:30:45
References
- http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
- http://mx.gw.com/pipermail/file/2014/001553.html
- http://openwall.com/lists/oss-security/2014/06/30/7
- http://rhn.redhat.com/errata/RHSA-2014-1327.html
- http://rhn.redhat.com/errata/RHSA-2014-1765.html
- http://rhn.redhat.com/errata/RHSA-2014-1766.html
- http://rhn.redhat.com/errata/RHSA-2016-0760.html
- http://secunia.com/advisories/60696