CVE-2014-3710

The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.
References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1155071 Issue Tracking Third Party Advisory
http://git.php.net/?p=php-src.git;a=commit;h=1803228597e82218a8c105e67975bc50e6f5bf0d Patch Vendor Advisory
https://bugs.php.net/bug.php?id=68283 Patch Vendor Advisory
https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0 Patch Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1768.html Third Party Advisory
http://secunia.com/advisories/60699 Third Party Advisory
http://secunia.com/advisories/61982 Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1767.html Third Party Advisory
http://www.ubuntu.com/usn/USN-2391-1 Third Party Advisory
http://linux.oracle.com/errata/ELSA-2014-1767.html Third Party Advisory
http://secunia.com/advisories/60630 Third Party Advisory
http://linux.oracle.com/errata/ELSA-2014-1768.html Third Party Advisory
http://secunia.com/advisories/61763 Third Party Advisory
http://secunia.com/advisories/61970 Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1766.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1765.html Third Party Advisory
http://www.debian.org/security/2014/dsa-3072 Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2014-11/msg00113.html Mailing List Third Party Advisory
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc Third Party Advisory
http://secunia.com/advisories/62347 Third Party Advisory
http://www.securitytracker.com/id/1031344 Third Party Advisory VDB Entry
http://secunia.com/advisories/62559 Third Party Advisory
http://www.ubuntu.com/usn/USN-2494-1 Third Party Advisory
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html Mailing List Third Party Advisory
https://support.apple.com/HT204659 Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html Third Party Advisory
http://www.securityfocus.com/bid/70807 Third Party Advisory VDB Entry
https://security.gentoo.org/glsa/201503-03 Third Party Advisory
https://security.gentoo.org/glsa/201701-42 Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0760.html Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*

Information

Published : 2014-11-05 03:55

Updated : 2022-11-04 19:10


NVD link : CVE-2014-3710

Mitre link : CVE-2014-3710


JSON object : View

CWE
CWE-20

Improper Input Validation

Advertisement

dedicated server usa

Products Affected

debian

  • debian_linux

canonical

  • ubuntu_linux

php

  • php