CVE-2014-3710 - Vulnerability Details

Vendors	Products
Canonical	Ubuntu Linux
Debian	Debian Linux
Php	Php
Redhat	Enterprise Linux Rhel Software Collections

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 5
php53-0:5.3.3-26.el5_11	cpe:/o:redhat:enterprise_linux:5	RHSA-2014:1768	2014-10-30T00:00:00Z
Red Hat Enterprise Linux 6
php-0:5.3.3-40.el6_6	cpe:/o:redhat:enterprise_linux:6	RHSA-2014:1767	2014-10-30T00:00:00Z
file-0:5.04-30.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2016:0760	2016-05-10T00:00:00Z
Red Hat Enterprise Linux 7
php-0:5.4.16-23.el7_0.3	cpe:/o:redhat:enterprise_linux:7	RHSA-2014:1767	2014-10-30T00:00:00Z
file-0:5.11-31.el7	cpe:/o:redhat:enterprise_linux:7	RHSA-2015:2155	2015-11-19T00:00:00Z
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6
php54-php-0:5.4.16-22.el6	cpe:/a:redhat:rhel_software_collections:1::el6	RHSA-2014:1765	2014-10-30T00:00:00Z
php55-php-0:5.5.6-13.el6	cpe:/a:redhat:rhel_software_collections:1::el6	RHSA-2014:1766	2014-10-30T00:00:00Z
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS
php54-php-0:5.4.16-22.el6	cpe:/a:redhat:rhel_software_collections:1::el6	RHSA-2014:1765	2014-10-30T00:00:00Z
php55-php-0:5.5.6-13.el6	cpe:/a:redhat:rhel_software_collections:1::el6	RHSA-2014:1766	2014-10-30T00:00:00Z
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS
php54-php-0:5.4.16-22.el6	cpe:/a:redhat:rhel_software_collections:1::el6	RHSA-2014:1765	2014-10-30T00:00:00Z
php55-php-0:5.5.6-13.el6	cpe:/a:redhat:rhel_software_collections:1::el6	RHSA-2014:1766	2014-10-30T00:00:00Z
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS
php54-php-0:5.4.16-22.el6	cpe:/a:redhat:rhel_software_collections:1::el6	RHSA-2014:1765	2014-10-30T00:00:00Z
php55-php-0:5.5.6-13.el6	cpe:/a:redhat:rhel_software_collections:1::el6	RHSA-2014:1766	2014-10-30T00:00:00Z
Red Hat Software Collections 1 for Red Hat Enterprise Linux 7
php54-php-0:5.4.16-22.el7	cpe:/a:redhat:rhel_software_collections:1::el7	RHSA-2014:1765	2014-10-30T00:00:00Z
php55-php-0:5.5.6-13.el7	cpe:/a:redhat:rhel_software_collections:1::el7	RHSA-2014:1766	2014-10-30T00:00:00Z

Link	Providers
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=1803228597e82218a8c105e67975bc50e6f5bf0d
http://linux.oracle.com/errata/ELSA-2014-1767.html
http://linux.oracle.com/errata/ELSA-2014-1768.html
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
http://lists.opensuse.org/opensuse-updates/2014-11/msg00113.html
http://rhn.redhat.com/errata/RHSA-2014-1765.html
http://rhn.redhat.com/errata/RHSA-2014-1766.html
http://rhn.redhat.com/errata/RHSA-2014-1767.html
http://rhn.redhat.com/errata/RHSA-2014-1768.html
http://rhn.redhat.com/errata/RHSA-2016-0760.html
http://secunia.com/advisories/60630
http://secunia.com/advisories/60699
http://secunia.com/advisories/61763
http://secunia.com/advisories/61970
http://secunia.com/advisories/61982
http://secunia.com/advisories/62347
http://secunia.com/advisories/62559
http://www.debian.org/security/2014/dsa-3072
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/70807
http://www.securitytracker.com/id/1031344
http://www.ubuntu.com/usn/USN-2391-1
http://www.ubuntu.com/usn/USN-2494-1
https://bugs.php.net/bug.php?id=68283
https://bugzilla.redhat.com/show_bug.cgi?id=1155071
https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0
https://nvd.nist.gov/vuln/detail/CVE-2014-3710
https://security.gentoo.org/glsa/201503-03
https://security.gentoo.org/glsa/201701-42
https://support.apple.com/HT204659
https://www.cve.org/CVERecord?id=CVE-2014-3710
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-10-21T00:00:00", "descriptions": [{"lang": "en", "value": "The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-04T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.php.net/bug.php?id=68283"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=1803228597e82218a8c105e67975bc50e6f5bf0d"}, {"name": "62347", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/62347"}, {"name": "RHSA-2014:1767", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1767.html"}, {"name": "USN-2391-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2391-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/HT204659"}, {"name": "61982", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/61982"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"}, {"name": "61763", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/61763"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://linux.oracle.com/errata/ELSA-2014-1767.html"}, {"name": "RHSA-2014:1766", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"}, {"name": "FreeBSD-SA-14:28", "tags": ["vendor-advisory", "x_refsource_FREEBSD"], "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://linux.oracle.com/errata/ELSA-2014-1768.html"}, {"name": "DSA-3072", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2014/dsa-3072"}, {"name": "RHSA-2016:0760", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0760.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"}, {"name": "USN-2494-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2494-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"}, {"name": "APPLE-SA-2015-04-08-2", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"}, {"name": "61970", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/61970"}, {"name": "1031344", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1031344"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"}, {"name": "RHSA-2014:1765", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"}, {"name": "openSUSE-SU-2014:1516", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00113.html"}, {"name": "RHSA-2014:1768", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1768.html"}, {"name": "GLSA-201701-42", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201701-42"}, {"name": "60699", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/60699"}, {"name": "GLSA-201503-03", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201503-03"}, {"name": "70807", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/70807"}, {"name": "60630", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/60630"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1155071"}, {"name": "62559", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/62559"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-3710", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugs.php.net/bug.php?id=68283", "refsource": "CONFIRM", "url": "https://bugs.php.net/bug.php?id=68283"}, {"name": "http://git.php.net/?p=php-src.git;a=commit;h=1803228597e82218a8c105e67975bc50e6f5bf0d", "refsource": "CONFIRM", "url": "http://git.php.net/?p=php-src.git;a=commit;h=1803228597e82218a8c105e67975bc50e6f5bf0d"}, {"name": "62347", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62347"}, {"name": "RHSA-2014:1767", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1767.html"}, {"name": "USN-2391-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2391-1"}, {"name": "https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0", "refsource": "CONFIRM", "url": "https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0"}, {"name": "https://support.apple.com/HT204659", "refsource": "CONFIRM", "url": "https://support.apple.com/HT204659"}, {"name": "61982", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61982"}, {"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"}, {"name": "61763", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61763"}, {"name": "http://linux.oracle.com/errata/ELSA-2014-1767.html", "refsource": "CONFIRM", "url": "http://linux.oracle.com/errata/ELSA-2014-1767.html"}, {"name": "RHSA-2014:1766", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"}, {"name": "FreeBSD-SA-14:28", "refsource": "FREEBSD", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc"}, {"name": "http://linux.oracle.com/errata/ELSA-2014-1768.html", "refsource": "CONFIRM", "url": "http://linux.oracle.com/errata/ELSA-2014-1768.html"}, {"name": "DSA-3072", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3072"}, {"name": "RHSA-2016:0760", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0760.html"}, {"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"}, {"name": "USN-2494-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2494-1"}, {"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"}, {"name": "APPLE-SA-2015-04-08-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"}, {"name": "61970", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61970"}, {"name": "1031344", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1031344"}, {"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"}, {"name": "RHSA-2014:1765", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"}, {"name": "openSUSE-SU-2014:1516", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00113.html"}, {"name": "RHSA-2014:1768", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1768.html"}, {"name": "GLSA-201701-42", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-42"}, {"name": "60699", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60699"}, {"name": "GLSA-201503-03", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201503-03"}, {"name": "70807", "refsource": "BID", "url": "http://www.securityfocus.com/bid/70807"}, {"name": "60630", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60630"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1155071", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1155071"}, {"name": "62559", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62559"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:50:17.979Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.php.net/bug.php?id=68283"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=1803228597e82218a8c105e67975bc50e6f5bf0d"}, {"name": "62347", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/62347"}, {"name": "RHSA-2014:1767", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1767.html"}, {"name": "USN-2391-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2391-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/HT204659"}, {"name": "61982", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/61982"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"}, {"name": "61763", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/61763"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://linux.oracle.com/errata/ELSA-2014-1767.html"}, {"name": "RHSA-2014:1766", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"}, {"name": "FreeBSD-SA-14:28", "tags": ["vendor-advisory", "x_refsource_FREEBSD", "x_transferred"], "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://linux.oracle.com/errata/ELSA-2014-1768.html"}, {"name": "DSA-3072", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2014/dsa-3072"}, {"name": "RHSA-2016:0760", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0760.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"}, {"name": "USN-2494-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2494-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"}, {"name": "APPLE-SA-2015-04-08-2", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"}, {"name": "61970", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/61970"}, {"name": "1031344", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1031344"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"}, {"name": "RHSA-2014:1765", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"}, {"name": "openSUSE-SU-2014:1516", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00113.html"}, {"name": "RHSA-2014:1768", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1768.html"}, {"name": "GLSA-201701-42", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201701-42"}, {"name": "60699", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/60699"}, {"name": "GLSA-201503-03", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201503-03"}, {"name": "70807", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/70807"}, {"name": "60630", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/60630"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1155071"}, {"name": "62559", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/62559"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3710", "datePublished": "2014-11-05T11:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:50:17.979Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2014-10-21T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2018-01-04T19:57:01 (string)

orgId : 53f830b8-0a3f-465b-8143-3b8a9948e749 (string)

shortName : redhat (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://bugs.php.net/bug.php?id=68283 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=1803228597e82218a8c105e67975bc50e6f5bf0d (string)

}

2 : { »

name : 62347 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/62347 (string)

}

3 : { »

name : RHSA-2014:1767 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2014-1767.html (string)

}

4 : { »

name : USN-2391-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

]

url : http://www.ubuntu.com/usn/USN-2391-1 (string)

}

5 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0 (string)

}

6 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://support.apple.com/HT204659 (string)

}

7 : { »

name : 61982 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/61982 (string)

}

8 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html (string)

}

9 : { »

name : 61763 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/61763 (string)

}

10 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://linux.oracle.com/errata/ELSA-2014-1767.html (string)

}

11 : { »

name : RHSA-2014:1766 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2014-1766.html (string)

}

12 : { »

name : FreeBSD-SA-14:28 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FREEBSD (string)

]

url : https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc (string)

}

13 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://linux.oracle.com/errata/ELSA-2014-1768.html (string)

}

14 : { »

name : DSA-3072 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

]

url : http://www.debian.org/security/2014/dsa-3072 (string)

}

15 : { »

name : RHSA-2016:0760 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2016-0760.html (string)

}

16 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html (string)

}

17 : { »

name : USN-2494-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

]

url : http://www.ubuntu.com/usn/USN-2494-1 (string)

}

18 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html (string)

}

19 : { »

name : APPLE-SA-2015-04-08-2 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_APPLE (string)

]

url : http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html (string)

}

20 : { »

name : 61970 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/61970 (string)

}

21 : { »

name : 1031344 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

]

url : http://www.securitytracker.com/id/1031344 (string)

}

22 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html (string)

}

23 : { »

name : RHSA-2014:1765 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2014-1765.html (string)

}

24 : { »

name : openSUSE-SU-2014:1516 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-updates/2014-11/msg00113.html (string)

}

25 : { »

name : RHSA-2014:1768 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2014-1768.html (string)

}

26 : { »

name : GLSA-201701-42 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

]

url : https://security.gentoo.org/glsa/201701-42 (string)

}

27 : { »

name : 60699 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/60699 (string)

}

28 : { »

name : GLSA-201503-03 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

]

url : https://security.gentoo.org/glsa/201503-03 (string)

}

29 : { »

name : 70807 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/70807 (string)

}

30 : { »

name : 60630 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/60630 (string)

}

31 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=1155071 (string)

}

32 : { »

name : 62559 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/62559 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : secalert@redhat.com (string)

ID : CVE-2014-3710 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://bugs.php.net/bug.php?id=68283 (string)

refsource : CONFIRM (string)

url : https://bugs.php.net/bug.php?id=68283 (string)

}

1 : { »

name : http://git.php.net/?p=php-src.git;a=commit;h=1803228597e82218a8c105e67975bc50e6f5bf0d (string)

refsource : CONFIRM (string)

url : http://git.php.net/?p=php-src.git;a=commit;h=1803228597e82218a8c105e67975bc50e6f5bf0d (string)

}

2 : { »

name : 62347 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/62347 (string)

}

3 : { »

name : RHSA-2014:1767 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2014-1767.html (string)

}

4 : { »

name : USN-2391-1 (string)

refsource : UBUNTU (string)

url : http://www.ubuntu.com/usn/USN-2391-1 (string)

}

5 : { »

name : https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0 (string)

refsource : CONFIRM (string)

url : https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0 (string)

}

6 : { »

name : https://support.apple.com/HT204659 (string)

refsource : CONFIRM (string)

url : https://support.apple.com/HT204659 (string)

}

7 : { »

name : 61982 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/61982 (string)

}

8 : { »

name : http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html (string)

refsource : CONFIRM (string)

url : http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html (string)

}

9 : { »

name : 61763 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/61763 (string)

}

10 : { »

name : http://linux.oracle.com/errata/ELSA-2014-1767.html (string)

refsource : CONFIRM (string)

url : http://linux.oracle.com/errata/ELSA-2014-1767.html (string)

}

11 : { »

name : RHSA-2014:1766 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2014-1766.html (string)

}

12 : { »

name : FreeBSD-SA-14:28 (string)

refsource : FREEBSD (string)

url : https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc (string)

}

13 : { »

name : http://linux.oracle.com/errata/ELSA-2014-1768.html (string)

refsource : CONFIRM (string)

url : http://linux.oracle.com/errata/ELSA-2014-1768.html (string)

}

14 : { »

name : DSA-3072 (string)

refsource : DEBIAN (string)

url : http://www.debian.org/security/2014/dsa-3072 (string)

}

15 : { »

name : RHSA-2016:0760 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2016-0760.html (string)

}

16 : { »

name : http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html (string)

refsource : CONFIRM (string)

url : http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html (string)

}

17 : { »

name : USN-2494-1 (string)

refsource : UBUNTU (string)

url : http://www.ubuntu.com/usn/USN-2494-1 (string)

}

18 : { »

name : http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html (string)

refsource : CONFIRM (string)

url : http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html (string)

}

19 : { »

name : APPLE-SA-2015-04-08-2 (string)

refsource : APPLE (string)

url : http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html (string)

}

20 : { »

name : 61970 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/61970 (string)

}

21 : { »

name : 1031344 (string)

refsource : SECTRACK (string)

url : http://www.securitytracker.com/id/1031344 (string)

}

22 : { »

name : http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html (string)

refsource : CONFIRM (string)

url : http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html (string)

}

23 : { »

name : RHSA-2014:1765 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2014-1765.html (string)

}

24 : { »

name : openSUSE-SU-2014:1516 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-updates/2014-11/msg00113.html (string)

}

25 : { »

name : RHSA-2014:1768 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2014-1768.html (string)

}

26 : { »

name : GLSA-201701-42 (string)

refsource : GENTOO (string)

url : https://security.gentoo.org/glsa/201701-42 (string)

}

27 : { »

name : 60699 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/60699 (string)

}

28 : { »

name : GLSA-201503-03 (string)

refsource : GENTOO (string)

url : https://security.gentoo.org/glsa/201503-03 (string)

}

29 : { »

name : 70807 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/70807 (string)

}

30 : { »

name : 60630 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/60630 (string)

}

31 : { »

name : https://bugzilla.redhat.com/show_bug.cgi?id=1155071 (string)

refsource : CONFIRM (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1155071 (string)

}

32 : { »

name : 62559 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/62559 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T10:50:17.979Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://bugs.php.net/bug.php?id=68283 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=1803228597e82218a8c105e67975bc50e6f5bf0d (string)

}

2 : { »

name : 62347 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/62347 (string)

}

3 : { »

name : RHSA-2014:1767 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2014-1767.html (string)

}

4 : { »

name : USN-2391-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

2 : x_transferred (string)

]

url : http://www.ubuntu.com/usn/USN-2391-1 (string)

}

5 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0 (string)

}

6 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://support.apple.com/HT204659 (string)

}

7 : { »

name : 61982 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/61982 (string)

}

8 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html (string)

}

9 : { »

name : 61763 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/61763 (string)

}

10 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://linux.oracle.com/errata/ELSA-2014-1767.html (string)

}

11 : { »

name : RHSA-2014:1766 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2014-1766.html (string)

}

12 : { »

name : FreeBSD-SA-14:28 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FREEBSD (string)

2 : x_transferred (string)

]

url : https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc (string)

}

13 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://linux.oracle.com/errata/ELSA-2014-1768.html (string)

}

14 : { »

name : DSA-3072 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

2 : x_transferred (string)

]

url : http://www.debian.org/security/2014/dsa-3072 (string)

}

15 : { »

name : RHSA-2016:0760 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2016-0760.html (string)

}

16 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html (string)

}

17 : { »

name : USN-2494-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

2 : x_transferred (string)

]

url : http://www.ubuntu.com/usn/USN-2494-1 (string)

}

18 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html (string)

}

19 : { »

name : APPLE-SA-2015-04-08-2 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_APPLE (string)

2 : x_transferred (string)

]

url : http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html (string)

}

20 : { »

name : 61970 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/61970 (string)

}

21 : { »

name : 1031344 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

2 : x_transferred (string)

]

url : http://www.securitytracker.com/id/1031344 (string)

}

22 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html (string)

}

23 : { »

name : RHSA-2014:1765 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2014-1765.html (string)

}

24 : { »

name : openSUSE-SU-2014:1516 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-updates/2014-11/msg00113.html (string)

}

25 : { »

name : RHSA-2014:1768 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2014-1768.html (string)

}

26 : { »

name : GLSA-201701-42 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

2 : x_transferred (string)

]

url : https://security.gentoo.org/glsa/201701-42 (string)

}

27 : { »

name : 60699 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/60699 (string)

}

28 : { »

name : GLSA-201503-03 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

2 : x_transferred (string)

]

url : https://security.gentoo.org/glsa/201503-03 (string)

}

29 : { »

name : 70807 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/70807 (string)

}

30 : { »

name : 60630 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/60630 (string)

}

31 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=1155071 (string)

}

32 : { »

name : 62559 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/62559 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 53f830b8-0a3f-465b-8143-3b8a9948e749 (string)

assignerShortName : redhat (string)

cveId : CVE-2014-3710 (string)

datePublished : 2014-11-05T11:00:00 (string)

dateReserved : 2014-05-14T00:00:00 (string)

dateUpdated : 2024-08-06T10:50:17.979Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "263164CF-17DF-4696-846C-636AD840A86D", "versionEndExcluding": "5.4.35", "versionStartIncluding": "5.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "66D331E2-CE0F-47C4-9EE8-398D9F8C2B54", "versionEndExcluding": "5.5.19", "versionStartIncluding": "5.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "24CA357B-EB19-4EFE-B170-CB7276A44AF6", "versionEndExcluding": "5.6.3", "versionStartIncluding": "5.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file."}, {"lang": "es", "value": "La funci\u00f3n donote en readelf.c en file hasta 5.20, utilizado en el componente Fileinfo en PHP 5.4.34, no asegura que suficientes cabeceras de notas est\u00e1n presentes, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (lectura fuera de rango y ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de un fichero ELF manipulado."}], "id": "CVE-2014-3710", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-11-05T11:55:06.027", "references": [{"source": "secalert@redhat.com", "url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=1803228597e82218a8c105e67975bc50e6f5bf0d"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://linux.oracle.com/errata/ELSA-2014-1767.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://linux.oracle.com/errata/ELSA-2014-1768.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00113.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1767.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1768.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0760.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/60630"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/60699"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/61763"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/61970"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/61982"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/62347"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/62559"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2014/dsa-3072"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/70807"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1031344"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2391-1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2494-1"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://bugs.php.net/bug.php?id=68283"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1155071"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201503-03"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201701-42"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/HT204659"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=1803228597e82218a8c105e67975bc50e6f5bf0d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://linux.oracle.com/errata/ELSA-2014-1767.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://linux.oracle.com/errata/ELSA-2014-1768.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00113.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1765.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1766.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1767.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1768.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0760.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/60630"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/60699"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/61763"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/61970"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/61982"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/62347"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/62559"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2014/dsa-3072"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/70807"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1031344"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2391-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2494-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://bugs.php.net/bug.php?id=68283"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1155071"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201503-03"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201701-42"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/HT204659"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:php:php:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 263164CF-17DF-4696-846C-636AD840A86D (string)

versionEndExcluding : 5.4.35 (string)

versionStartIncluding : 5.4.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:php:php:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 66D331E2-CE0F-47C4-9EE8-398D9F8C2B54 (string)

versionEndExcluding : 5.5.19 (string)

versionStartIncluding : 5.5.0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:php:php:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 24CA357B-EB19-4EFE-B170-CB7276A44AF6 (string)

versionEndExcluding : 5.6.3 (string)

versionStartIncluding : 5.6.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 16F59A04-14CF-49E2-9973-645477EA09DA (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* (string)

matchCriteriaId : C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:* (string)

matchCriteriaId : 01EDA41C-6B2E-49AF-B503-EB3882265C11 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:* (string)

matchCriteriaId : CB66DB75-2B16-4EBF-9B93-CE49D8086E41 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* (string)

matchCriteriaId : 815D70A8-47D3-459C-A32C-9FEACA0659D1 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:* (string)

matchCriteriaId : 49A63F39-30BE-443F-AF10-6245587D3359 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. (string)

}

1 : { »

lang : es (string)

value : La función donote en readelf.c en file hasta 5.20, utilizado en el componente Fileinfo en PHP 5.4.34, no asegura que suficientes cabeceras de notas están presentes, lo que permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango y caída de aplicación) a través de un fichero ELF manipulado. (string)

}

]

id : CVE-2014-3710 (string)

lastModified : 2025-04-12T10:46:40.837 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 5 (number)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:N/C:N/I:N/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

}

published : 2014-11-05T11:55:06.027 (string)

references : [ »

0 : { »

source : secalert@redhat.com (string)

url : http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=1803228597e82218a8c105e67975bc50e6f5bf0d (string)

}

1 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://linux.oracle.com/errata/ELSA-2014-1767.html (string)

}

2 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://linux.oracle.com/errata/ELSA-2014-1768.html (string)

}

3 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html (string)

}

4 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-updates/2014-11/msg00113.html (string)

}

5 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://rhn.redhat.com/errata/RHSA-2014-1765.html (string)

}

6 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://rhn.redhat.com/errata/RHSA-2014-1766.html (string)

}

7 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://rhn.redhat.com/errata/RHSA-2014-1767.html (string)

}

8 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://rhn.redhat.com/errata/RHSA-2014-1768.html (string)

}

9 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://rhn.redhat.com/errata/RHSA-2016-0760.html (string)

}

10 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://secunia.com/advisories/60630 (string)

}

11 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://secunia.com/advisories/60699 (string)

}

12 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://secunia.com/advisories/61763 (string)

}

13 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://secunia.com/advisories/61970 (string)

}

14 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://secunia.com/advisories/61982 (string)

}

15 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://secunia.com/advisories/62347 (string)

}

16 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://secunia.com/advisories/62559 (string)

}

17 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.debian.org/security/2014/dsa-3072 (string)

}

18 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html (string)

}

19 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html (string)

}

20 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html (string)

}

21 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html (string)

}

22 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/70807 (string)

}

23 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securitytracker.com/id/1031344 (string)

}

24 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.ubuntu.com/usn/USN-2391-1 (string)

}

25 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.ubuntu.com/usn/USN-2494-1 (string)

}

26 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : https://bugs.php.net/bug.php?id=68283 (string)

}

27 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Issue Tracking (string)

1 : Third Party Advisory (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=1155071 (string)

}

28 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Patch (string)

1 : Third Party Advisory (string)

]

url : https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0 (string)

}

29 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://security.gentoo.org/glsa/201503-03 (string)

}

30 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://security.gentoo.org/glsa/201701-42 (string)

}

31 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://support.apple.com/HT204659 (string)

}

32 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc (string)

}

33 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=1803228597e82218a8c105e67975bc50e6f5bf0d (string)

}

34 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://linux.oracle.com/errata/ELSA-2014-1767.html (string)

}

35 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://linux.oracle.com/errata/ELSA-2014-1768.html (string)

}

36 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html (string)

}

37 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-updates/2014-11/msg00113.html (string)

}

38 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://rhn.redhat.com/errata/RHSA-2014-1765.html (string)

}

39 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://rhn.redhat.com/errata/RHSA-2014-1766.html (string)

}

40 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://rhn.redhat.com/errata/RHSA-2014-1767.html (string)

}

41 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://rhn.redhat.com/errata/RHSA-2014-1768.html (string)

}

42 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://rhn.redhat.com/errata/RHSA-2016-0760.html (string)

}

43 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://secunia.com/advisories/60630 (string)

}

44 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://secunia.com/advisories/60699 (string)

}

45 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://secunia.com/advisories/61763 (string)

}

46 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://secunia.com/advisories/61970 (string)

}

47 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://secunia.com/advisories/61982 (string)

}

48 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://secunia.com/advisories/62347 (string)

}

49 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://secunia.com/advisories/62559 (string)

}

50 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.debian.org/security/2014/dsa-3072 (string)

}

51 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html (string)

}

52 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html (string)

}

53 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html (string)

}

54 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html (string)

}

55 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/70807 (string)

}

56 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securitytracker.com/id/1031344 (string)

}

57 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.ubuntu.com/usn/USN-2391-1 (string)

}

58 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.ubuntu.com/usn/USN-2494-1 (string)

}

59 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : https://bugs.php.net/bug.php?id=68283 (string)

}

60 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Issue Tracking (string)

1 : Third Party Advisory (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=1155071 (string)

}

61 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Third Party Advisory (string)

]

url : https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0 (string)

}

62 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://security.gentoo.org/glsa/201503-03 (string)

}

63 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://security.gentoo.org/glsa/201701-42 (string)

}

64 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://support.apple.com/HT204659 (string)

}

65 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc (string)

}

]

sourceIdentifier : secalert@redhat.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-20 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"acknowledgement": "This issue was discovered by Francisco Alonso (Red Hat Product Security).", "affected_release": [{"advisory": "RHSA-2014:1768", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "php53-0:5.3.3-26.el5_11", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2014-10-30T00:00:00Z"}, {"advisory": "RHSA-2014:1767", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "php-0:5.3.3-40.el6_6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-30T00:00:00Z"}, {"advisory": "RHSA-2016:0760", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "file-0:5.04-30.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2016-05-10T00:00:00Z"}, {"advisory": "RHSA-2014:1767", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "php-0:5.4.16-23.el7_0.3", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2014-10-30T00:00:00Z"}, {"advisory": "RHSA-2015:2155", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "file-0:5.11-31.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-11-19T00:00:00Z"}, {"advisory": "RHSA-2014:1765", "cpe": "cpe:/a:redhat:rhel_software_collections:1::el6", "package": "php54-php-0:5.4.16-22.el6", "product_name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux 6", "release_date": "2014-10-30T00:00:00Z"}, {"advisory": "RHSA-2014:1766", "cpe": "cpe:/a:redhat:rhel_software_collections:1::el6", "package": "php55-php-0:5.5.6-13.el6", "product_name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux 6", "release_date": "2014-10-30T00:00:00Z"}, {"advisory": "RHSA-2014:1765", "cpe": "cpe:/a:redhat:rhel_software_collections:1::el6", "package": "php54-php-0:5.4.16-22.el6", "product_name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS", "release_date": "2014-10-30T00:00:00Z"}, {"advisory": "RHSA-2014:1766", "cpe": "cpe:/a:redhat:rhel_software_collections:1::el6", "package": "php55-php-0:5.5.6-13.el6", "product_name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS", "release_date": "2014-10-30T00:00:00Z"}, {"advisory": "RHSA-2014:1765", "cpe": "cpe:/a:redhat:rhel_software_collections:1::el6", "package": "php54-php-0:5.4.16-22.el6", "product_name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS", "release_date": "2014-10-30T00:00:00Z"}, {"advisory": "RHSA-2014:1766", "cpe": "cpe:/a:redhat:rhel_software_collections:1::el6", "package": "php55-php-0:5.5.6-13.el6", "product_name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS", "release_date": "2014-10-30T00:00:00Z"}, {"advisory": "RHSA-2014:1765", "cpe": "cpe:/a:redhat:rhel_software_collections:1::el6", "package": "php54-php-0:5.4.16-22.el6", "product_name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS", "release_date": "2014-10-30T00:00:00Z"}, {"advisory": "RHSA-2014:1766", "cpe": "cpe:/a:redhat:rhel_software_collections:1::el6", "package": "php55-php-0:5.5.6-13.el6", "product_name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS", "release_date": "2014-10-30T00:00:00Z"}, {"advisory": "RHSA-2014:1765", "cpe": "cpe:/a:redhat:rhel_software_collections:1::el7", "package": "php54-php-0:5.4.16-22.el7", "product_name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux 7", "release_date": "2014-10-30T00:00:00Z"}, {"advisory": "RHSA-2014:1766", "cpe": "cpe:/a:redhat:rhel_software_collections:1::el7", "package": "php55-php-0:5.5.6-13.el7", "product_name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux 7", "release_date": "2014-10-30T00:00:00Z"}], "bugzilla": {"description": "file: out-of-bounds read in elf note headers", "id": "1155071", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1155071"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "status": "verified"}, "cwe": "CWE-125", "details": ["The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.", "An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file."], "name": "CVE-2014-3710", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "file", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "php", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2014-10-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-3710\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3710"], "threat_severity": "Moderate"}

{

acknowledgement : This issue was discovered by Francisco Alonso (Red Hat Product Security). (string)

affected_release : [ »

0 : { »

advisory : RHSA-2014:1768 (string)

cpe : cpe:/o:redhat:enterprise_linux:5 (string)

package : php53-0:5.3.3-26.el5_11 (string)

product_name : Red Hat Enterprise Linux 5 (string)

release_date : 2014-10-30T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2014:1767 (string)

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

package : php-0:5.3.3-40.el6_6 (string)

product_name : Red Hat Enterprise Linux 6 (string)

release_date : 2014-10-30T00:00:00Z (string)

}

2 : { »

advisory : RHSA-2016:0760 (string)

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

package : file-0:5.04-30.el6 (string)

product_name : Red Hat Enterprise Linux 6 (string)

release_date : 2016-05-10T00:00:00Z (string)

}

3 : { »

advisory : RHSA-2014:1767 (string)

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

package : php-0:5.4.16-23.el7_0.3 (string)

product_name : Red Hat Enterprise Linux 7 (string)

release_date : 2014-10-30T00:00:00Z (string)

}

4 : { »

advisory : RHSA-2015:2155 (string)

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

package : file-0:5.11-31.el7 (string)

product_name : Red Hat Enterprise Linux 7 (string)

release_date : 2015-11-19T00:00:00Z (string)

}

5 : { »

advisory : RHSA-2014:1765 (string)

cpe : cpe:/a:redhat:rhel_software_collections:1::el6 (string)

package : php54-php-0:5.4.16-22.el6 (string)

product_name : Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 (string)

release_date : 2014-10-30T00:00:00Z (string)

}

6 : { »

advisory : RHSA-2014:1766 (string)

cpe : cpe:/a:redhat:rhel_software_collections:1::el6 (string)

package : php55-php-0:5.5.6-13.el6 (string)

product_name : Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 (string)

release_date : 2014-10-30T00:00:00Z (string)

}

7 : { »

advisory : RHSA-2014:1765 (string)

cpe : cpe:/a:redhat:rhel_software_collections:1::el6 (string)

package : php54-php-0:5.4.16-22.el6 (string)

product_name : Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS (string)

release_date : 2014-10-30T00:00:00Z (string)

}

8 : { »

advisory : RHSA-2014:1766 (string)

cpe : cpe:/a:redhat:rhel_software_collections:1::el6 (string)

package : php55-php-0:5.5.6-13.el6 (string)

product_name : Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS (string)

release_date : 2014-10-30T00:00:00Z (string)

}

9 : { »

advisory : RHSA-2014:1765 (string)

cpe : cpe:/a:redhat:rhel_software_collections:1::el6 (string)

package : php54-php-0:5.4.16-22.el6 (string)

product_name : Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS (string)

release_date : 2014-10-30T00:00:00Z (string)

}

10 : { »

advisory : RHSA-2014:1766 (string)

cpe : cpe:/a:redhat:rhel_software_collections:1::el6 (string)

package : php55-php-0:5.5.6-13.el6 (string)

product_name : Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS (string)

release_date : 2014-10-30T00:00:00Z (string)

}

11 : { »

advisory : RHSA-2014:1765 (string)

cpe : cpe:/a:redhat:rhel_software_collections:1::el6 (string)

package : php54-php-0:5.4.16-22.el6 (string)

product_name : Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS (string)

release_date : 2014-10-30T00:00:00Z (string)

}

12 : { »

advisory : RHSA-2014:1766 (string)

cpe : cpe:/a:redhat:rhel_software_collections:1::el6 (string)

package : php55-php-0:5.5.6-13.el6 (string)

product_name : Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS (string)

release_date : 2014-10-30T00:00:00Z (string)

}

13 : { »

advisory : RHSA-2014:1765 (string)

cpe : cpe:/a:redhat:rhel_software_collections:1::el7 (string)

package : php54-php-0:5.4.16-22.el7 (string)

product_name : Red Hat Software Collections 1 for Red Hat Enterprise Linux 7 (string)

release_date : 2014-10-30T00:00:00Z (string)

}

14 : { »

advisory : RHSA-2014:1766 (string)

cpe : cpe:/a:redhat:rhel_software_collections:1::el7 (string)

package : php55-php-0:5.5.6-13.el7 (string)

product_name : Red Hat Software Collections 1 for Red Hat Enterprise Linux 7 (string)

release_date : 2014-10-30T00:00:00Z (string)

}

]

bugzilla : { »

description : file: out-of-bounds read in elf note headers (string)

id : 1155071 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1155071 (string)

}

csaw : false (boolean)

cvss : { »

cvss_base_score : 4.3 (string)

cvss_scoring_vector : AV:N/AC:M/Au:N/C:N/I:N/A:P (string)

status : verified (string)

}

cwe : CWE-125 (string)

details : [ »

0 : The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. (string)

1 : An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file. (string)

]

name : CVE-2014-3710 (string)

package_state : [ »

0 : { »

cpe : cpe:/o:redhat:enterprise_linux:5 (string)

fix_state : Will not fix (string)

package_name : file (string)

product_name : Red Hat Enterprise Linux 5 (string)

}

1 : { »

cpe : cpe:/o:redhat:enterprise_linux:5 (string)

fix_state : Not affected (string)

package_name : php (string)

product_name : Red Hat Enterprise Linux 5 (string)

}

]

public_date : 2014-10-22T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2014-3710 https://nvd.nist.gov/vuln/detail/CVE-2014-3710 (string)

]

threat_severity : Moderate (string)

}

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object