Description

file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345.

Remediation

References

CVE-2014-3538

Related Vulnerabilities

Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-2606)

WordPress Plugin Klarna Checkout for WooCommerce Security Bypass (2.0.9)

Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-16685)

WordPress Plugin Visual Email Designer for WooCommerce SQL Injection (1.7.1)

WordPress Plugin WP Code Highlight.js Cross-Site Scripting (0.6.3)

Severity

Medium

Classification

CVE-2014-3538

Tags

Missing Update Known Vulnerabilities