PT-2014-1814 · File+2

Bernd Melchers · Published 2014-02-18 · Updated 2024-06-15 · CVE-2014-1943

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

file versions prior to 5.17
file-static-5.04
file-5.04
file-debuginfo-5.04
file-libs-5.04
file-devel-5.04

Description

The issue allows context-dependent attackers to cause a denial of service, potentially disrupting the availability of protected information. This can be achieved through a crafted indirect offset value in the magic of a file, resulting in infinite recursion, CPU consumption, and a crash. The issue can be exploited remotely.

Recommendations

For file versions prior to 5.17, update to version 5.17 or later to resolve the issue. For file-static-5.04, file-5.04, file-debuginfo-5.04, file-libs-5.04, and file-devel-5.04, update to a version that is not affected by this issue, as these specific versions are vulnerable. As a temporary workaround, consider restricting access to the magic of files to minimize the risk of exploitation.

Fix

DoS

Improper Handling of Exceptional Conditions

Weakness Enumeration

Related Identifiers

BDU:2015-06092
BDU:2015-06093
BDU:2015-06094
BDU:2015-06095
BDU:2015-06096
BDU:2015-09765
CESA-2014_1012
CESA-2014_1606
CVE-2014-1943
DSA-2861-1
DSA-2868-1
MGASA-2014-0092
MGASA-2014-0162
MGASA-2014-0163
OPENSUSE-SU-2024:10290-1
OPENSUSE-SU-2024:10344-1
OPENSUSE-SU-2024:11169-1
RHSA-2014:1012
RHSA-2014:1606
RHSA-2014:1765
RHSA-2014_1012
RHSA-2014_1606

Affected Products

CentOS
Red Hat
File