CVE-2014-3710 — MEDIUM (5.0)

Q: How severe is CVE-2014-3710?

CVE-2014-3710 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-3710?

Check the references section above for vendor advisories and patch information. Affected products include: Php Php, Debian Debian Linux, Canonical Ubuntu Linux.

Vulnerability Description

The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:N/A:P

Confidentiality

NONE

Integrity

NONE

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Php	Php	>= 5.4.0, < 5.4.35
Debian	Debian Linux	7.0
Canonical	Ubuntu Linux	10.04

Related Weaknesses (CWE)

CWE-20

References

http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=1803228597e82218a8c105e67975bc5
http://linux.oracle.com/errata/ELSA-2014-1767.htmlThird Party Advisory
http://linux.oracle.com/errata/ELSA-2014-1768.htmlThird Party Advisory
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2014-11/msg00113.htmlMailing ListThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1765.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1766.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1767.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1768.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0760.htmlThird Party Advisory
http://secunia.com/advisories/60630Third Party Advisory
http://secunia.com/advisories/60699Third Party Advisory
http://secunia.com/advisories/61763Third Party Advisory
http://secunia.com/advisories/61970Third Party Advisory
http://secunia.com/advisories/61982Third Party Advisory

FAQ

What is CVE-2014-3710?

CVE-2014-3710 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause...

How severe is CVE-2014-3710?

CVE-2014-3710 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-3710?

Check the references section above for vendor advisories and patch information. Affected products include: Php Php, Debian Debian Linux, Canonical Ubuntu Linux.