ID CVE-2014-8116
Summary The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities.
References
Vulnerable Configurations
  • cpe:2.3:a:file_project:file:5.20:*:*:*:*:*:*:*
    cpe:2.3:a:file_project:file:5.20:*:*:*:*:*:*:*
  • cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*
    cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*
  • cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*
    cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 05-01-2018 - 02:29)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
rhsa
id RHSA-2016:0760
rpms
  • file-0:5.11-31.el7
  • file-debuginfo-0:5.11-31.el7
  • file-devel-0:5.11-31.el7
  • file-libs-0:5.11-31.el7
  • file-static-0:5.11-31.el7
  • python-magic-0:5.11-31.el7
  • file-0:5.04-30.el6
  • file-debuginfo-0:5.04-30.el6
  • file-devel-0:5.04-30.el6
  • file-libs-0:5.04-30.el6
  • file-static-0:5.04-30.el6
  • python-magic-0:5.04-30.el6
refmap via4
bid 71700
confirm
freebsd FreeBSD-SA-14:28
mlist [oss-security] 20141216 file(1): multiple denial of service issues (resource consumption), CVE-2014-8116 and CVE-2014-8117
sectrack 1031344
secunia
  • 61944
  • 62081
ubuntu USN-2494-1
Last major update 05-01-2018 - 02:29
Published 17-12-2014 - 19:59
Last modified 05-01-2018 - 02:29
Back to Top