CVE-2014-3538
EPSS 33.0%php5 - security update
發布日:2014/7/3修改日:2026/4/28
也稱為:DEBIAN-CVE-2014-3538
描述
file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345.
受影響套件(4)
- Debian/filefrom 0, < 1:5.19-1
- Debian/filefrom 0, < 5.04-5+squeeze7
- Debian/php5from 0, < 5.3.3-7+squeeze22
- Debian/php5from 0, < 5.4.4-14+deb7u13