Back to search
CVE-2013-7345
Published: Mar 23, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://github.com/file/file/commit/ef2329cf71acb59204dd981e2c6cce6c81fe467c
x_refsource_CONFIRM
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703993
x_refsource_CONFIRM
http://bugs.gw.com/view.php?id=164
x_refsource_CONFIRM
http://support.apple.com/kb/HT6443
x_refsource_CONFIRM
RHSA-2014:1765
vendor-advisory
x_refsource_REDHAT
DSA-2873
vendor-advisory
x_refsource_DEBIAN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now