CVE-2014-3710

The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.
References
Link Resource
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=1803228597e82218a8c105e67975bc50e6f5bf0d
http://linux.oracle.com/errata/ELSA-2014-1767.html Third Party Advisory
http://linux.oracle.com/errata/ELSA-2014-1768.html Third Party Advisory
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2014-11/msg00113.html Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1765.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1766.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1767.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1768.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0760.html Third Party Advisory
http://secunia.com/advisories/60630 Third Party Advisory
http://secunia.com/advisories/60699 Third Party Advisory
http://secunia.com/advisories/61763 Third Party Advisory
http://secunia.com/advisories/61970 Third Party Advisory
http://secunia.com/advisories/61982 Third Party Advisory
http://secunia.com/advisories/62347 Third Party Advisory
http://secunia.com/advisories/62559 Third Party Advisory
http://www.debian.org/security/2014/dsa-3072 Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html Third Party Advisory
http://www.securityfocus.com/bid/70807 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1031344 Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-2391-1 Third Party Advisory
http://www.ubuntu.com/usn/USN-2494-1 Third Party Advisory
https://bugs.php.net/bug.php?id=68283 Patch Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1155071 Issue Tracking Third Party Advisory
https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0 Patch Third Party Advisory
https://security.gentoo.org/glsa/201503-03 Third Party Advisory
https://security.gentoo.org/glsa/201701-42 Third Party Advisory
https://support.apple.com/HT204659 Third Party Advisory
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc Third Party Advisory
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=1803228597e82218a8c105e67975bc50e6f5bf0d
http://linux.oracle.com/errata/ELSA-2014-1767.html Third Party Advisory
http://linux.oracle.com/errata/ELSA-2014-1768.html Third Party Advisory
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2014-11/msg00113.html Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1765.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1766.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1767.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1768.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0760.html Third Party Advisory
http://secunia.com/advisories/60630 Third Party Advisory
http://secunia.com/advisories/60699 Third Party Advisory
http://secunia.com/advisories/61763 Third Party Advisory
http://secunia.com/advisories/61970 Third Party Advisory
http://secunia.com/advisories/61982 Third Party Advisory
http://secunia.com/advisories/62347 Third Party Advisory
http://secunia.com/advisories/62559 Third Party Advisory
http://www.debian.org/security/2014/dsa-3072 Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html Third Party Advisory
http://www.securityfocus.com/bid/70807 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1031344 Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-2391-1 Third Party Advisory
http://www.ubuntu.com/usn/USN-2494-1 Third Party Advisory
https://bugs.php.net/bug.php?id=68283 Patch Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1155071 Issue Tracking Third Party Advisory
https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0 Patch Third Party Advisory
https://security.gentoo.org/glsa/201503-03 Third Party Advisory
https://security.gentoo.org/glsa/201701-42 Third Party Advisory
https://support.apple.com/HT204659 Third Party Advisory
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*

History

21 Nov 2024, 02:08

Type Values Removed Values Added
References () http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=1803228597e82218a8c105e67975bc50e6f5bf0d - () http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=1803228597e82218a8c105e67975bc50e6f5bf0d -
References () http://linux.oracle.com/errata/ELSA-2014-1767.html - Third Party Advisory () http://linux.oracle.com/errata/ELSA-2014-1767.html - Third Party Advisory
References () http://linux.oracle.com/errata/ELSA-2014-1768.html - Third Party Advisory () http://linux.oracle.com/errata/ELSA-2014-1768.html - Third Party Advisory
References () http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html - Mailing List, Third Party Advisory () http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html - Mailing List, Third Party Advisory
References () http://lists.opensuse.org/opensuse-updates/2014-11/msg00113.html - Mailing List, Third Party Advisory () http://lists.opensuse.org/opensuse-updates/2014-11/msg00113.html - Mailing List, Third Party Advisory
References () http://rhn.redhat.com/errata/RHSA-2014-1765.html - Third Party Advisory () http://rhn.redhat.com/errata/RHSA-2014-1765.html - Third Party Advisory
References () http://rhn.redhat.com/errata/RHSA-2014-1766.html - Third Party Advisory () http://rhn.redhat.com/errata/RHSA-2014-1766.html - Third Party Advisory
References () http://rhn.redhat.com/errata/RHSA-2014-1767.html - Third Party Advisory () http://rhn.redhat.com/errata/RHSA-2014-1767.html - Third Party Advisory
References () http://rhn.redhat.com/errata/RHSA-2014-1768.html - Third Party Advisory () http://rhn.redhat.com/errata/RHSA-2014-1768.html - Third Party Advisory
References () http://rhn.redhat.com/errata/RHSA-2016-0760.html - Third Party Advisory () http://rhn.redhat.com/errata/RHSA-2016-0760.html - Third Party Advisory
References () http://secunia.com/advisories/60630 - Third Party Advisory () http://secunia.com/advisories/60630 - Third Party Advisory
References () http://secunia.com/advisories/60699 - Third Party Advisory () http://secunia.com/advisories/60699 - Third Party Advisory
References () http://secunia.com/advisories/61763 - Third Party Advisory () http://secunia.com/advisories/61763 - Third Party Advisory
References () http://secunia.com/advisories/61970 - Third Party Advisory () http://secunia.com/advisories/61970 - Third Party Advisory
References () http://secunia.com/advisories/61982 - Third Party Advisory () http://secunia.com/advisories/61982 - Third Party Advisory
References () http://secunia.com/advisories/62347 - Third Party Advisory () http://secunia.com/advisories/62347 - Third Party Advisory
References () http://secunia.com/advisories/62559 - Third Party Advisory () http://secunia.com/advisories/62559 - Third Party Advisory
References () http://www.debian.org/security/2014/dsa-3072 - Third Party Advisory () http://www.debian.org/security/2014/dsa-3072 - Third Party Advisory
References () http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html - Third Party Advisory () http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html - Third Party Advisory
References () http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html - Third Party Advisory () http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html - Third Party Advisory
References () http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html - Third Party Advisory () http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html - Third Party Advisory
References () http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html - Third Party Advisory () http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html - Third Party Advisory
References () http://www.securityfocus.com/bid/70807 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/70807 - Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id/1031344 - Third Party Advisory, VDB Entry () http://www.securitytracker.com/id/1031344 - Third Party Advisory, VDB Entry
References () http://www.ubuntu.com/usn/USN-2391-1 - Third Party Advisory () http://www.ubuntu.com/usn/USN-2391-1 - Third Party Advisory
References () http://www.ubuntu.com/usn/USN-2494-1 - Third Party Advisory () http://www.ubuntu.com/usn/USN-2494-1 - Third Party Advisory
References () https://bugs.php.net/bug.php?id=68283 - Patch, Vendor Advisory () https://bugs.php.net/bug.php?id=68283 - Patch, Vendor Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=1155071 - Issue Tracking, Third Party Advisory () https://bugzilla.redhat.com/show_bug.cgi?id=1155071 - Issue Tracking, Third Party Advisory
References () https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0 - Patch, Third Party Advisory () https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0 - Patch, Third Party Advisory
References () https://security.gentoo.org/glsa/201503-03 - Third Party Advisory () https://security.gentoo.org/glsa/201503-03 - Third Party Advisory
References () https://security.gentoo.org/glsa/201701-42 - Third Party Advisory () https://security.gentoo.org/glsa/201701-42 - Third Party Advisory
References () https://support.apple.com/HT204659 - Third Party Advisory () https://support.apple.com/HT204659 - Third Party Advisory
References () https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc - Third Party Advisory () https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc - Third Party Advisory

07 Nov 2023, 02:20

Type Values Removed Values Added
References
  • {'url': 'http://git.php.net/?p=php-src.git;a=commit;h=1803228597e82218a8c105e67975bc50e6f5bf0d', 'name': 'http://git.php.net/?p=php-src.git;a=commit;h=1803228597e82218a8c105e67975bc50e6f5bf0d', 'tags': ['Patch', 'Vendor Advisory'], 'refsource': 'CONFIRM'}
  • () http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=1803228597e82218a8c105e67975bc50e6f5bf0d -

Information

Published : 2014-11-05 11:55

Updated : 2024-11-21 02:08


NVD link : CVE-2014-3710

Mitre link : CVE-2014-3710

CVE.ORG link : CVE-2014-3710


JSON object : View

Products Affected

debian

  • debian_linux

php

  • php

canonical

  • ubuntu_linux
CWE
CWE-20

Improper Input Validation