Headline
CVE-2014-3538: * Enforce limit of 8K on regex searches that have no limits · file/file@4a284c8
file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345.
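The mitigation idea described above, bounding how much data a regex is ever shown, sketched as an added example that is not code from file(1) or from this commit. `regex_window`, `encryption_field` and the sample headers are constructed for illustration, and applying the byte cap before the line limit is an assumption of this sketch, not something the page states about file's internals.

```python
import re

MAX_REGEX_BYTES = 8192  # the 8K figure named in the commit title

# The android backup rule's pattern from the diff below (magic-file escaping of ^ dropped).
ENCRYPTED = re.compile(rb"^([^n\n]|n[^o]|no[^n]|non[^e]|none.+).*")

# Constructed sample: "ANDROID BACKUP\n" + version line + compression line = 19 bytes,
# so the encryption field starts at offset 19, as in the magic entry.
HEADER = b"ANDROID BACKUP\n1\n1\n"


def regex_window(data: bytes, offset: int, max_lines: int = 0,
                 max_bytes: int = MAX_REGEX_BYTES) -> bytes:
    """Return the slice a regex may scan: at most max_bytes, then at most max_lines lines."""
    window = data[offset:offset + max_bytes]  # hard byte cap, applied unconditionally
    if max_lines > 0:
        end = 0
        for _ in range(max_lines):
            nl = window.find(b"\n", end)
            if nl == -1:          # no more newlines: the byte cap is the only bound left
                end = len(window)
                break
            end = nl + 1
        window = window[:end]
    return window


def encryption_field(data: bytes):
    """Model of '>>19 regex/1l': match the pattern against one bounded line at offset 19."""
    m = ENCRYPTED.match(regex_window(data, 19, max_lines=1))
    return m.group(0).decode("ascii", "replace") if m else None


if __name__ == "__main__":
    print(encryption_field(HEADER + b"AES-256\nsalt\n"))
    print(encryption_field(HEADER + b"none\n"))
    # Constructed hostile input: no newline after offset 19, 1 MB of filler.
    print(len(regex_window(HEADER + b"A" * 1_000_000, 19, max_lines=1)))
```

The last case is the one that matters for CPU cost: a line limit alone does nothing when the input has no newline, so the byte cap is what keeps the regex engine's work bounded.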
@@ -1,6 +1,6 @@
#------------------------------------------------------------
# $File: android,v 1.2 2013/11/05 14:00:25 christos Exp $
# $File: android,v 1.3 2013/11/08 01:24:22 christos Exp $
# Various android related magic entries
#------------------------------------------------------------
@@ -89,12 +89,12 @@
>17 string 0\n \b, Not-Compressed
>17 string 1\n \b, Compressed
# any string as long as it’s not the word none (which is matched below)
>>19 regex/1 \^([^n\n]|n[^o]|no[^n]|non[^e]|none.+).* \b, Encrypted (%s)
>>19 regex/1l \^([^n\n]|n[^o]|no[^n]|non[^e]|none.+).* \b, Encrypted (%s)
>>19 string none\n \b, Not-Encrypted
# Commented out because they don’t seem useful to print
# (but they are part of the header - the tar file comes after them):
#>>>&1 regex/1 .* \b, Password salt: %s
#>>>>&1 regex/1 .* \b, Master salt: %s
#>>>>>&1 regex/1 .* \b, PBKDF2 rounds: %s
#>>>>>>&1 regex/1 .* \b, IV: %s
#>>>>>>>&1 regex/1 .* \b, Key: %s
#>>>&1 regex/1l .* \b, Password salt: %s
#>>>>&1 regex/1l .* \b, Master salt: %s
#>>>>>&1 regex/1l .* \b, PBKDF2 rounds: %s
#>>>>>>&1 regex/1l .* \b, IV: %s
#>>>>>>>&1 regex/1l .* \b, Key: %s
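Review bot: The `>>19 regex/1l` entry bounds the search by line count only, and its pattern still ends in `none.+).*`, so the rule itself does not say how many bytes are scanned when no newline follows offset 19. Add a comment next to the rule naming the byte bound it relies on; the commit title mentions 8K for searches that have no limits, but it is not visible in these lines whether that also applies to a `/1l` search. The commented-out `#>>>&1 regex/1l .*` entries match anything up to the end of the line, so the same comment belongs there before any of them is re-enabled.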
Related news
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data.
The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file.