CVE-2013-7345 — MEDIUM (5.0)

Q: How severe is CVE-2013-7345?

CVE-2013-7345 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2013-7345?

Check the references section above for vendor advisories and patch information. Affected products include: Christos Zoulas File, Php Php, Debian Debian Linux.

Vulnerability Description

The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:N/A:P

Confidentiality

NONE

Integrity

NONE

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Christos Zoulas	File	< 5.15
Php	Php	>= 5.4.0, < 5.4.27
Debian	Debian Linux	6.0

References

http://bugs.gw.com/view.php?id=164Broken LinkExploitIssue Tracking
http://rhn.redhat.com/errata/RHSA-2014-1765.htmlThird Party Advisory
http://support.apple.com/kb/HT6443Third Party Advisory
http://www.debian.org/security/2014/dsa-2873Third Party Advisory
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703993Issue TrackingThird Party Advisory
https://github.com/file/file/commit/ef2329cf71acb59204dd981e2c6cce6c81fe467cExploitPatchThird Party Advisory
http://bugs.gw.com/view.php?id=164Broken LinkExploitIssue Tracking
http://rhn.redhat.com/errata/RHSA-2014-1765.htmlThird Party Advisory
http://support.apple.com/kb/HT6443Third Party Advisory
http://www.debian.org/security/2014/dsa-2873Third Party Advisory
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703993Issue TrackingThird Party Advisory
https://github.com/file/file/commit/ef2329cf71acb59204dd981e2c6cce6c81fe467cExploitPatchThird Party Advisory

FAQ

What is CVE-2013-7345?

CVE-2013-7345 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cau...

How severe is CVE-2013-7345?

CVE-2013-7345 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-7345?

Check the references section above for vendor advisories and patch information. Affected products include: Christos Zoulas File, Php Php, Debian Debian Linux.