{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-12-10T00:00:00", "descriptions": [{"lang": "en", "value": "The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-04T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/file/file/commit/d7cdad007c507e6c79f51f058dd77fab70ceb9f6"}, {"name": "61944", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/61944"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"}, {"name": "FreeBSD-SA-14:28", "tags": ["vendor-advisory", "x_refsource_FREEBSD"], "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc"}, {"name": "71700", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/71700"}, {"name": "RHSA-2016:0760", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0760.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/file/file/commit/b4c01141e5367f247b84dcaf6aefbb4e741842b8"}, {"name": "USN-2494-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2494-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"}, {"name": "1031344", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1031344"}, {"name": "62081", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/62081"}, {"name": "[oss-security] 20141216 file(1): multiple denial of service issues (resource consumption), CVE-2014-8116 and CVE-2014-8117", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://seclists.org/oss-sec/2014/q4/1056"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://advisories.mageia.org/MGASA-2015-0040.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/file/file/blob/00cef282a902a4a6709bbbbb933ee397768caa38/ChangeLog"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-8116", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/file/file/commit/d7cdad007c507e6c79f51f058dd77fab70ceb9f6", "refsource": "CONFIRM", "url": "https://github.com/file/file/commit/d7cdad007c507e6c79f51f058dd77fab70ceb9f6"}, {"name": "61944", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61944"}, {"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"}, {"name": "FreeBSD-SA-14:28", "refsource": "FREEBSD", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc"}, {"name": "71700", "refsource": "BID", "url": "http://www.securityfocus.com/bid/71700"}, {"name": "RHSA-2016:0760", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0760.html"}, {"name": "https://github.com/file/file/commit/b4c01141e5367f247b84dcaf6aefbb4e741842b8", "refsource": "CONFIRM", "url": "https://github.com/file/file/commit/b4c01141e5367f247b84dcaf6aefbb4e741842b8"}, {"name": "USN-2494-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2494-1"}, {"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"}, {"name": "1031344", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1031344"}, {"name": "62081", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62081"}, {"name": "[oss-security] 20141216 file(1): multiple denial of service issues (resource consumption), CVE-2014-8116 and CVE-2014-8117", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2014/q4/1056"}, {"name": "http://advisories.mageia.org/MGASA-2015-0040.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2015-0040.html"}, {"name": "https://github.com/file/file/blob/00cef282a902a4a6709bbbbb933ee397768caa38/ChangeLog", "refsource": "CONFIRM", "url": "https://github.com/file/file/blob/00cef282a902a4a6709bbbbb933ee397768caa38/ChangeLog"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:10:51.049Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/file/file/commit/d7cdad007c507e6c79f51f058dd77fab70ceb9f6"}, {"name": "61944", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/61944"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"}, {"name": "FreeBSD-SA-14:28", "tags": ["vendor-advisory", "x_refsource_FREEBSD", "x_transferred"], "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc"}, {"name": "71700", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/71700"}, {"name": "RHSA-2016:0760", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0760.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/file/file/commit/b4c01141e5367f247b84dcaf6aefbb4e741842b8"}, {"name": "USN-2494-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2494-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"}, {"name": "1031344", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1031344"}, {"name": "62081", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/62081"}, {"name": "[oss-security] 20141216 file(1): multiple denial of service issues (resource consumption), CVE-2014-8116 and CVE-2014-8117", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://seclists.org/oss-sec/2014/q4/1056"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://advisories.mageia.org/MGASA-2015-0040.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/file/file/blob/00cef282a902a4a6709bbbbb933ee397768caa38/ChangeLog"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-8116", "datePublished": "2014-12-17T19:00:00", "dateReserved": "2014-10-10T00:00:00", "dateUpdated": "2024-08-06T13:10:51.049Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:file_project:file:5.20:*:*:*:*:*:*:*", "matchCriteriaId": "46EB72D1-7459-44F9-B984-39721A3934A5", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", "matchCriteriaId": "D9EC02F3-3905-460D-8949-3B26394215CA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F805A106-9A6F-48E7-8582-D3C5A26DFC11", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*", "matchCriteriaId": "5D37DF0F-F863-45AC-853A-3E04F9FEC7CA", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities."}, {"lang": "es", "value": "El int\u00e9rprete ELF (readelf.c) en versiones anteriores a 5.21, permite a atacantes remotos, provocar una denegaci?o de servicio (consumo de CPU o rotura) mediante un n\u00famero largo de (1) programa o (2) cabeceras de secci\u00f3n o (3) capacidades no v\u00e1lidas."}], "id": "CVE-2014-8116", "lastModified": "2018-01-05T02:29:54.040", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-12-17T19:59:02.637", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://advisories.mageia.org/MGASA-2015-0040.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2016-0760.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/oss-sec/2014/q4/1056"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/61944"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/62081"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/71700"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1031344"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2494-1"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Issue Tracking"], "url": "https://github.com/file/file/blob/00cef282a902a4a6709bbbbb933ee397768caa38/ChangeLog"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Issue Tracking"], "url": "https://github.com/file/file/commit/b4c01141e5367f247b84dcaf6aefbb4e741842b8"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Issue Tracking"], "url": "https://github.com/file/file/commit/d7cdad007c507e6c79f51f058dd77fab70ceb9f6"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Thomas Jarosch (Intra2net AG) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2016:0760", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "file-0:5.04-30.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2016-05-10T00:00:00Z"}, {"advisory": "RHSA-2015:2155", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "file-0:5.11-31.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-11-19T00:00:00Z"}], "bugzilla": {"description": "file: multiple denial of service issues (resource consumption)", "id": "1171580", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1171580"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "status": "verified"}, "cwe": "CWE-400->CWE-674", "details": ["The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities.", "Multiple flaws were found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use either of these flaws to cause a PHP application using fileinfo to consume an excessive amount of system resources."], "name": "CVE-2014-8116", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "file", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "php", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "php53", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "php", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "php", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:1", "fix_state": "Not affected", "package_name": "php54-php", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:1", "fix_state": "Not affected", "package_name": "php55-php", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Not affected", "package_name": "rh-php56-php", "product_name": "Red Hat Software Collections"}], "public_date": "2014-12-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-8116\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8116"], "threat_severity": "Moderate", "upstream_fix": "file 5.21"}