PT-2014-5464 · Php+5 · Php+5

Thomas Jarosch

Publicado

2014-10-24

Atualizado

2024-06-15

CVE-2014-3710

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions File versions through 5.20 PHP version 5.4.34

Description The issue allows remote attackers to cause a denial of service, resulting in an out-of-bounds read and application crash, via a crafted ELF file. This is due to the donote function in readelf.c not ensuring sufficient note headers are present.

Recommendations For File versions through 5.20, update to a version that fixes the donote function issue in readelf.c. For PHP version 5.4.34, consider disabling the Fileinfo component until a patch is available.

Correção

DoS

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CESA-2014_1767

CESA-2015_2155

CESA-2016_0760

CVE-2014-3710

DLA-86-1

DLA-94-1

DSA-3072-1

DSA-3074-1

MGASA-2014-0439

MGASA-2014-0441

OPENSUSE-SU-2024:10221-1

RHSA-2014:1765

RHSA-2014:1766

RHSA-2014:1767

RHSA-2014:1768

RHSA-2014_1767

RHSA-2014_1768

RHSA-2015:2155

RHSA-2015_2155

RHSA-2016:0760

RHSA-2016_0760

SUSE-SU-2014_1473-1

SUSE-SU-2014_1555-1

USN-2391-1

USN-2494-1

Produtos afetados

Centos

File

Php

Red Hat

Suse

Ubuntu

PT-2014-5464 · Php+5 · Php+5

CVE-2014-3710

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 66