CVE-2014-8116 - The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service

CVE-2014-8116

Summary

The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities.

References

Vulnerable Configurations

cpe:2.3:a:file_project:file:5.20:*:*:*:*:*:*:*
cpe:2.3:a:file_project:file:5.20:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*
cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*
cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 05-01-2018 - 02:29)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

redhat via4

advisories

rhsa

id	RHSA-2016:0760

rpms

file-0:5.11-31.el7
file-debuginfo-0:5.11-31.el7
file-devel-0:5.11-31.el7
file-libs-0:5.11-31.el7
file-static-0:5.11-31.el7
python-magic-0:5.11-31.el7
file-0:5.04-30.el6
file-debuginfo-0:5.04-30.el6
file-devel-0:5.04-30.el6
file-libs-0:5.04-30.el6
file-static-0:5.04-30.el6
python-magic-0:5.04-30.el6

refmap via4

bid	71700
confirm	http://advisories.mageia.org/MGASA-2015-0040.html http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html https://github.com/file/file/blob/00cef282a902a4a6709bbbbb933ee397768caa38/ChangeLog https://github.com/file/file/commit/b4c01141e5367f247b84dcaf6aefbb4e741842b8 https://github.com/file/file/commit/d7cdad007c507e6c79f51f058dd77fab70ceb9f6
freebsd	FreeBSD-SA-14:28
mlist	[oss-security] 20141216 file(1): multiple denial of service issues (resource consumption), CVE-2014-8116 and CVE-2014-8117
sectrack	1031344
secunia	61944 62081
ubuntu	USN-2494-1

Last major update

05-01-2018 - 02:29

Published

17-12-2014 - 19:59

Last modified

05-01-2018 - 02:29