
CVE-2014-3710
Date: (C)2014-11-03   (M)2024-02-22


The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
SECTRACK-1031344
SECUNIA-60630
SECUNIA-60699
SECUNIA-61763
SECUNIA-61970
SECUNIA-61982
SECUNIA-62347
SECUNIA-62559
BID-70807
APPLE-SA-2015-04-08-2
DSA-3072
FreeBSD-SA-14:28
GLSA-201503-03
GLSA-201701-42
RHSA-2014:1765
RHSA-2014:1766
RHSA-2014:1767
RHSA-2014:1768
RHSA-2016:0760
USN-2391-1
USN-2494-1
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=1803228597e82218a8c105e67975bc50e6f5bf0d
http://linux.oracle.com/errata/ELSA-2014-1767.html
http://linux.oracle.com/errata/ELSA-2014-1768.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
https://bugs.php.net/bug.php?id=68283
https://bugzilla.redhat.com/show_bug.cgi?id=1155071
https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0
https://support.apple.com/HT204659
openSUSE-SU-2014:1516

CPE    4
cpe:/o:debian:debian_linux:7.0
cpe:/o:debian:debian_linux:8.0
cpe:/a:php:php
cpe:/o:canonical:ubuntu_linux:14.10
...
CWE    1
CWE-20
OVAL    27
oval:org.secpod.oval:def:601840
oval:org.secpod.oval:def:24458
oval:org.secpod.oval:def:52401
oval:org.secpod.oval:def:702402
...

© SecPod Technologies