PT-2014-1815 · Red Hat+3 · File+4

Publicado

2014-03-06

Atualizado

2024-06-15

CVE-2014-2270

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions file versions prior to 5.17

Description The issue allows context-dependent attackers to cause a denial of service via crafted offsets in the softmagic of a PE executable, leading to out-of-bounds memory access and crash. Multiple vulnerabilities in the file package of Red Hat Enterprise Linux can be exploited remotely, potentially disrupting the availability of protected information.

Recommendations For versions prior to 5.17, update to version 5.17 or later to resolve the issue. As a temporary workaround, consider restricting access to the softmagic component of PE executables until a patch is available. Avoid using crafted offsets in the softmagic of PE executables to minimize the risk of exploitation.

Exploit

Correção

DoS

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

ALT-PU-2021-2505

ALT-PU-2023-1892

BDU:2015-06092

BDU:2015-06093

BDU:2015-06094

BDU:2015-06095

BDU:2015-06096

CESA-2014_1012

CESA-2014_1606

CVE-2014-2270

DLA-145-1

DSA-2873-1

DSA-2943-1

MGASA-2014-0123

MGASA-2014-0162

MGASA-2014-0163

OPENSUSE-SU-2024:10290-1

OPENSUSE-SU-2024:10344-1

RHSA-2014:1012

RHSA-2014:1606

RHSA-2014:1765

RHSA-2014_1012

RHSA-2014_1606

SUSE-SU-2014_0670-1

Produtos afetados

Alt Linux

Centos

Red Hat

Suse

File

PT-2014-1815 · Red Hat+3 · File+4

CVE-2014-2270

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 123