Description

file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345.

Remediation

References

CVE-2014-3538

Related Vulnerabilities

WordPress Plugin CF7 Manual Spam Blocker Privilege Escalation (1.0)

WordPress Plugin RSVPMaker SQL Injection (9.2.6)

WordPress Plugin Swim Team Arbitrary File Download (1.44.1077)

WordPress Plugin Thrive Themes Builder Security Bypass (2.2.3)

Apache Tomcat Deserialization of Untrusted Data Vulnerability (CVE-2020-9484)

Severity

Medium

Classification

CVE-2014-3538

Tags

Missing Update Known Vulnerabilities