CVE-2014-0237

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 01-06-2014 06:29

Last modified: - 19-01-2023 04:44

Total changes: - 2

Description

The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:N/C:N/I:N/A:P

Low

Attack complexity

Network

Attack vector

Low

Availability

None

Confidentiality

None

Integrity

Privileges required

Scope

User interaction

5.0

Base score

10.0

2.9

Exploitability score

Impact score

Verification logic

Reference

http://www.php.net/ChangeLog-5.php
https://github.com/file/file/commit/b8acc83781d5a24cc5101e525d15efe0482c280d
https://bugs.php.net/bug.php?id=67328
SUSE-SU-2014:0869-Mailing List, Third Party Advisory
http://support.apple.com/kb/HT6443
DSA-3021-Third Party Advisory
RHSA-2014:1766-Third Party Advisory
RHSA-2014:1765-Third Party Advisory
https://support.apple.com/HT204659
APPLE-SA-2015-04-08-2-Mailing List, Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
67759-Third Party Advisory, VDB Entry
http://www-01.ibm.com/support/docview.wss?uid=swg21683486
60998-Third Party Advisory
59418-Third Party Advisory
59329-Third Party Advisory
59061-Third Party Advisory

Keywords

CVE-2014-0237

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2014-0237

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures