Information Security


DoS against file/fileinfo/PHP
Published: June 14, 2014
Source:
SecurityVulns ID: 13826
Type: library
Severity level: 5/10
Description: Resource exhaustion and infinite loop when parsing CDF files.
Affected products: PHP : PHP 5.5
CVE: CVE-2014-3710 (The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.)
 CVE-2014-0238 (The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long.)
 CVE-2014-0237 (The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls.)
Original text: MANDRIVA, [ MDVSA-2014:116 ] file (14.06.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod