PT-2014-5464 · Php+5

Thomas Jarosch · Published 2014-10-24 · Updated 2024-06-15 · CVE-2014-3710

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions
File versions through 5.20
PHP version 5.4.34

Description
A crafted ELF file allows remote attackers to cause a denial of service: an out-of-bounds read followed by an application crash. The cause is that the donote function in readelf.c does not ensure that sufficient note headers are present.

Recommendations
For File versions through 5.20, update to a version that fixes the donote function issue in readelf.c. For PHP version 5.4.34, consider disabling the Fileinfo component until a patch is available.
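
The kind of check the description says was missing, as an added example (not code from File's readelf.c or from PHP): a walker over a buffer of ELF notes that refuses to read a header, name or descriptor unless all of its bytes lie inside the buffer. The names count_notes, skip and count_sample_prefix are hypothetical, the sample data is constructed, and the header struct assumes the Elf32_Nhdr layout.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Same layout as Elf32_Nhdr: three 32-bit words, then name and descriptor. */
struct note_hdr { uint32_t namesz, descsz, type; };

/* Skip len bytes plus padding to a 4-byte boundary; -1 if they are not all there. */
static int skip(size_t *off, size_t size, uint32_t len)
{
    size_t left = size - *off;
    size_t pad = (4u - (len & 3u)) & 3u;
    if (len > left || pad > left - len)   /* compared before adding, so no overflow */
        return -1;
    *off += (size_t)len + pad;
    return 0;
}

/* Count complete notes in buf[0..size); -1 on a truncated or oversized note. */
int count_notes(const uint8_t *buf, size_t size)
{
    size_t off = 0;
    int n = 0;
    while (off < size) {
        struct note_hdr h;
        if (size - off < sizeof h)        /* a whole header must remain before it is read */
            return -1;
        memcpy(&h, buf + off, sizeof h);
        off += sizeof h;
        if (skip(&off, size, h.namesz) || skip(&off, size, h.descsz))
            return -1;
        n++;
    }
    return n;
}

/* Constructed sample, host byte order: two valid 20-byte notes, then one with an absurd descsz. */
static const uint32_t sample[] = {
    4, 4, 1, 0x00554e47, 0,   4, 4, 1, 0x00554e47, 0,
    4, 0xFFFFFFFFu, 1, 0x00554e47,
};

int count_sample_prefix(size_t nbytes) { return count_notes((const uint8_t *)sample, nbytes); }
int main(void)
{
    printf("%d %d %d\n", count_sample_prefix(40), count_sample_prefix(28), count_sample_prefix(56));
    return 0;
}
```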

Fix

DoS

RCE


Weakness Enumeration

Related Identifiers

CESA-2014_1767
CESA-2015_2155
CESA-2016_0760
CVE-2014-3710
DLA-86-1
DLA-94-1
DSA-3072-1
DSA-3074-1
MGASA-2014-0439
MGASA-2014-0441
OPENSUSE-SU-2024:10221-1
RHSA-2014:1765
RHSA-2014:1766
RHSA-2014:1767
RHSA-2014:1768
RHSA-2014_1767
RHSA-2014_1768
RHSA-2015:2155
RHSA-2015_2155
RHSA-2016:0760
RHSA-2016_0760
SUSE-SU-2014_1473-1
SUSE-SU-2014_1555-1
USN-2391-1
USN-2494-1

Affected Products

CentOS
File
PHP
Red Hat
SUSE
Ubuntu