QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2014-3538

Back to search

CVE-2014-3538

Published: Jul 3, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345.

VendorProductVersions

n/a

n/a

affected
n/a

References

RHSA-2014:1766
vendor-advisory
x_refsource_REDHAT
DSA-3021
vendor-advisory
x_refsource_DEBIAN
RHSA-2016:0760
vendor-advisory
x_refsource_REDHAT
68348
vdb-entry
x_refsource_BID
[file] 20140612 file-5.19 is now available
mailing-list
x_refsource_MLIST
APPLE-SA-2015-04-08-2
vendor-advisory
x_refsource_APPLE
DSA-3008
vendor-advisory
x_refsource_DEBIAN
RHSA-2014:1327
vendor-advisory
x_refsource_REDHAT
RHSA-2014:1765
vendor-advisory
x_refsource_REDHAT
60696
third-party-advisory
x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now