Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2014-3710

The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.

Published

2014-11-05T11:55:06.027

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	php	php	< 5.4.35	Yes
Application	php	php	< 5.5.19	Yes
Application	php	php	< 5.6.3	Yes
Operating System	debian	debian_linux	7.0	Yes
Operating System	debian	debian_linux	8.0	Yes
Operating System	canonical	ubuntu_linux	10.04	Yes
Operating System	canonical	ubuntu_linux	12.04	Yes
Operating System	canonical	ubuntu_linux	14.04	Yes
Operating System	canonical	ubuntu_linux	14.10	Yes

References

http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=1803228597e82218a8c105e67975bc50e6f5bf0d ([email protected])
http://linux.oracle.com/errata/ELSA-2014-1767.html Third Party Advisory ([email protected])
http://linux.oracle.com/errata/ELSA-2014-1768.html Third Party Advisory ([email protected])
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-updates/2014-11/msg00113.html Mailing List, Third Party Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2014-1765.html Third Party Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2014-1766.html Third Party Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2014-1767.html Third Party Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2014-1768.html Third Party Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2016-0760.html Third Party Advisory ([email protected])
http://secunia.com/advisories/60630 Third Party Advisory ([email protected])
http://secunia.com/advisories/60699 Third Party Advisory ([email protected])
http://secunia.com/advisories/61763 Third Party Advisory ([email protected])
http://secunia.com/advisories/61970 Third Party Advisory ([email protected])
http://secunia.com/advisories/61982 Third Party Advisory ([email protected])
http://secunia.com/advisories/62347 Third Party Advisory ([email protected])
http://secunia.com/advisories/62559 Third Party Advisory ([email protected])
http://www.debian.org/security/2014/dsa-3072 Third Party Advisory ([email protected])
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html Third Party Advisory ([email protected])
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html Third Party Advisory ([email protected])
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html Third Party Advisory ([email protected])
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/70807 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1031344 Third Party Advisory, VDB Entry ([email protected])
http://www.ubuntu.com/usn/USN-2391-1 Third Party Advisory ([email protected])
http://www.ubuntu.com/usn/USN-2494-1 Third Party Advisory ([email protected])
https://bugs.php.net/bug.php?id=68283 Patch, Vendor Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=1155071 Issue Tracking, Third Party Advisory ([email protected])
https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0 Patch, Third Party Advisory ([email protected])
https://security.gentoo.org/glsa/201503-03 Third Party Advisory ([email protected])
https://security.gentoo.org/glsa/201701-42 Third Party Advisory ([email protected])
https://support.apple.com/HT204659 Third Party Advisory ([email protected])
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc Third Party Advisory ([email protected])
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=1803228597e82218a8c105e67975bc50e6f5bf0d (af854a3a-2127-422b-91ae-364da2661108)
http://linux.oracle.com/errata/ELSA-2014-1767.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://linux.oracle.com/errata/ELSA-2014-1768.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-updates/2014-11/msg00113.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2014-1765.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2014-1766.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2014-1767.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2014-1768.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2016-0760.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/60630 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/60699 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/61763 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/61970 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/61982 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/62347 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/62559 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2014/dsa-3072 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/70807 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1031344 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-2391-1 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-2494-1 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugs.php.net/bug.php?id=68283 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=1155071 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201503-03 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201701-42 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/HT204659 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)