Description

The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters.

Remediation

References

CVE-2013-7345

Related Vulnerabilities

WordPress Plugin Daily Maui Photo Widget Multiple Cross-Site Scripting Vulnerabilities (0.2)

PHP Other Vulnerability (CVE-2007-1521)

WordPress Plugin WP Socializer-Simple & Easy Social Media Share Icons Cross-Site Scripting (2.4.2)

OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-3738)

Oracle Database Server CVE-2006-5342 Vulnerability (CVE-2006-5342)

Severity

Medium

Classification

CVE-2013-7345

Tags

Missing Update Known Vulnerabilities