CVE-2014-9653

readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://mx.gw.com/pipermail/file/2014/001649.html
https://github.com/file/file/commit/445c8fb0ebff85195be94cd9f7e1df89cade5c7f
http://bugs.gw.com/view.php?id=409
http://openwall.com/lists/oss-security/2015/02/05/13
http://php.net/ChangeLog-5.php
http://www.debian.org/security/2015/dsa-3196
http://marc.info/?l=bugtraq&m=143748090628601&w=2
http://marc.info/?l=bugtraq&m=144050155601375&w=2
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
http://www.securityfocus.com/bid/72516
https://security.gentoo.org/glsa/201701-42
http://rhn.redhat.com/errata/RHSA-2016-0760.html
https://usn.ubuntu.com/3686-1/

Configurations

Configuration 1 (hide)

cpe:2.3:a:file_project:file:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:php:php::::::::
	cpe:2.3:a:php:php:5.5.0:::::::*
	cpe:2.3:a:php:php:5.5.0:beta2::::::
	cpe:2.3:a:php:php:5.5.0:beta3::::::
	cpe:2.3:a:php:php:5.5.12:::::::*
	cpe:2.3:a:php:php:5.5.13:::::::*
	cpe:2.3:a:php:php:5.5.2:::::::*
	cpe:2.3:a:php:php:5.5.20:::::::*
	cpe:2.3:a:php:php:5.6.0:alpha1::::::
	cpe:2.3:a:php:php:5.6.0:alpha2::::::
	cpe:2.3:a:php:php:5.6.0:beta4::::::
	cpe:2.3:a:php:php:5.6.1:::::::*
	cpe:2.3:a:php:php:5.5.0:alpha1::::::
	cpe:2.3:a:php:php:5.5.0:alpha3::::::
	cpe:2.3:a:php:php:5.5.19:::::::*
	cpe:2.3:a:php:php:5.5.5:::::::*
	cpe:2.3:a:php:php:5.6.0:alpha3::::::
	cpe:2.3:a:php:php:5.5.14:::::::*
	cpe:2.3:a:php:php:5.5.0:beta1::::::
	cpe:2.3:a:php:php:5.6.2:::::::*
	cpe:2.3:a:php:php:5.5.0:rc1::::::
	cpe:2.3:a:php:php:5.5.0:beta4::::::
	cpe:2.3:a:php:php:5.5.3:::::::*
	cpe:2.3:a:php:php:5.5.8:::::::*
	cpe:2.3:a:php:php:5.5.0:alpha6::::::
	cpe:2.3:a:php:php:5.5.15:::::::*
	cpe:2.3:a:php:php:5.5.11:::::::*
	cpe:2.3:a:php:php:5.5.4:::::::*
	cpe:2.3:a:php:php:5.5.10:::::::*
	cpe:2.3:a:php:php:5.6.3:::::::*
	cpe:2.3:a:php:php:5.5.18:::::::*
	cpe:2.3:a:php:php:5.5.0:alpha2::::::
	cpe:2.3:a:php:php:5.6.0:alpha4::::::
	cpe:2.3:a:php:php:5.6.0:alpha5::::::
	cpe:2.3:a:php:php:5.5.16:::::::*
	cpe:2.3:a:php:php:5.6.0:beta2::::::
	cpe:2.3:a:php:php:5.6.0:beta1::::::
	cpe:2.3:a:php:php:5.5.1:::::::*
	cpe:2.3:a:php:php:5.6.4:::::::*
	cpe:2.3:a:php:php:5.5.17:::::::*
	cpe:2.3:a:php:php:5.5.7:::::::*
	cpe:2.3:a:php:php:5.6.0:beta3::::::
	cpe:2.3:a:php:php:5.5.6:::::::*
	cpe:2.3:a:php:php:5.5.0:alpha4::::::
	cpe:2.3:a:php:php:5.5.0:alpha5::::::
	cpe:2.3:a:php:php:5.5.0:rc2::::::
	cpe:2.3:a:php:php:5.5.9:::::::*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Information

Published : 2015-03-30 03:59

Updated : 2018-06-15 18:29

NVD link : CVE-2014-9653

Mitre link : CVE-2014-9653

JSON object : View

CWE

CWE-20

Improper Input Validation

Products Affected

file_project

file

debian

debian_linux

php

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://mx.gw.com/pipermail/file/2014/001649.html", "name": "[file] 20141216 [PATCH] readelf.c: better checks for values returned by pread", "tags": [], "refsource": "MLIST"}, {"url": "https://github.com/file/file/commit/445c8fb0ebff85195be94cd9f7e1df89cade5c7f", "name": "https://github.com/file/file/commit/445c8fb0ebff85195be94cd9f7e1df89cade5c7f", "tags": [], "refsource": "CONFIRM"}, {"url": "http://bugs.gw.com/view.php?id=409", "name": "http://bugs.gw.com/view.php?id=409", "tags": [], "refsource": "CONFIRM"}, {"url": "http://openwall.com/lists/oss-security/2015/02/05/13", "name": "[oss-security] 20150205 Re: CVE Request: PHP/file: out-of-bounds memory access in softmagic", "tags": [], "refsource": "MLIST"}, {"url": "http://php.net/ChangeLog-5.php", "name": "http://php.net/ChangeLog-5.php", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.debian.org/security/2015/dsa-3196", "name": "DSA-3196", "tags": [], "refsource": "DEBIAN"}, {"url": "http://marc.info/?l=bugtraq&m=143748090628601&w=2", "name": "HPSBMU03380", "tags": [], "refsource": "HP"}, {"url": "http://marc.info/?l=bugtraq&m=144050155601375&w=2", "name": "HPSBMU03409", "tags": [], "refsource": "HP"}, {"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/72516", "name": "72516", "tags": [], "refsource": "BID"}, {"url": "https://security.gentoo.org/glsa/201701-42", "name": "GLSA-201701-42", "tags": [], "refsource": "GENTOO"}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-0760.html", "name": "RHSA-2016:0760", "tags": [], "refsource": "REDHAT"}, {"url": "https://usn.ubuntu.com/3686-1/", "name": "USN-3686-1", "tags": [], "refsource": "UBUNTU"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-20"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-9653", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2015-03-30T10:59Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:file_project:file:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "5.21"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "5.4.36"}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.0:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.0:beta4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha6:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.6.0:alpha5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.6.0:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.0:alpha5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.0:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:php:php:5.5.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-06-16T01:29Z"}

7.5 /10