The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
21 Nov 2024, 02:00
Type | Values Removed | Values Added |
---|---|---|
References | () http://bugs.gw.com/view.php?id=164 - Broken Link, Exploit, Issue Tracking, Patch, Third Party Advisory | |
References | () http://rhn.redhat.com/errata/RHSA-2014-1765.html - Third Party Advisory | |
References | () http://support.apple.com/kb/HT6443 - Third Party Advisory | |
References | () http://www.debian.org/security/2014/dsa-2873 - Third Party Advisory | |
References | () https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703993 - Issue Tracking, Third Party Advisory | |
References | () https://github.com/file/file/commit/ef2329cf71acb59204dd981e2c6cce6c81fe467c - Exploit, Patch, Third Party Advisory |
31 Oct 2022, 14:56
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:christos_zoulas:file:5.03:*:*:*:*:*:*:* cpe:2.3:a:christos_zoulas:file:5.13:*:*:*:*:*:*:* cpe:2.3:a:christos_zoulas:file:5.08:*:*:*:*:*:*:* cpe:2.3:a:christos_zoulas:file:5.09:*:*:*:*:*:*:* cpe:2.3:a:christos_zoulas:file:5.04:*:*:*:*:*:*:* cpe:2.3:a:christos_zoulas:file:5.02:*:*:*:*:*:*:* cpe:2.3:a:christos_zoulas:file:5.07:*:*:*:*:*:*:* cpe:2.3:a:christos_zoulas:file:5.00:*:*:*:*:*:*:* cpe:2.3:a:christos_zoulas:file:5.01:*:*:*:*:*:*:* cpe:2.3:a:christos_zoulas:file:5.12:*:*:*:*:*:*:* cpe:2.3:a:christos_zoulas:file:5.06:*:*:*:*:*:*:* cpe:2.3:a:christos_zoulas:file:5.05:*:*:*:*:*:*:* cpe:2.3:a:christos_zoulas:file:5.10:*:*:*:*:*:*:* |
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:* cpe:2.3:a:php:php:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* |
CWE | NVD-CWE-noinfo | |
References | (CONFIRM) http://support.apple.com/kb/HT6443 - Third Party Advisory | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2014-1765.html - Third Party Advisory | |
References | (CONFIRM) http://bugs.gw.com/view.php?id=164 - Broken Link, Exploit, Issue Tracking, Patch, Third Party Advisory | |
References | (CONFIRM) https://github.com/file/file/commit/ef2329cf71acb59204dd981e2c6cce6c81fe467c - Exploit, Patch, Third Party Advisory | |
References | (CONFIRM) https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703993 - Issue Tracking, Third Party Advisory | |
References | (DEBIAN) http://www.debian.org/security/2014/dsa-2873 - Third Party Advisory |
Information
Published : 2014-03-24 16:31
Updated : 2024-11-21 02:00
NVD link : CVE-2013-7345
Mitre link : CVE-2013-7345
CVE.ORG link : CVE-2013-7345
JSON object : View
Products Affected
debian
- debian_linux
christos_zoulas
- file
php
- php
CWE