CVE-2014-0237 — Inefficient Algorithmic Complexity in PHP

CWE-399 CWE-407 — Inefficient Algorithmic Complexity13 documents9 sources

Severity

5.0MEDIUMNVD

OSV7.2

EPSS

38.2%

top 2.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

File Project File PHP Php5 +1 more

Timeline

PublishedJun 1

Latest updateMay 17

Description

The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶NVDphp/php5.4.0 — 5.4.29+2

▶Ubuntuphp5/php5< 5.5.9+dfsg-1ubuntu4.1+1

▶Debianfile_project/file< 1:5.19-1+3

Also affects: Debian Linux 7.0, 8.0

Patches

Patch: bugs.php.net ↗Patch: github.com ↗Patch: bugs.php.net ↗

🔴Vulnerability Details

GHSA

GHSA-9f63-6gmg-2983: The cdf_unpack_summary_info function in cdf↗2022-05-17

▶

OSV

php5 updates↗2014-06-25

▶

OSV

php5 vulnerabilities↗2014-06-23

▶

CVEList

CVE-2014-0237: The cdf_unpack_summary_info function in cdf↗2014-06-01

▶

OSV

CVE-2014-0237: The cdf_unpack_summary_info function in cdf↗2014-06-01

▶

📋Vendor Advisories

Ubuntu

PHP vulnerabilities↗2014-06-23

▶

Red Hat

file: cdf_unpack_summary_info() excessive looping DoS↗2014-05-29

▶

Debian

CVE-2014-0237: file - The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP b...↗2014

▶

Apple

CVE-2014-0237: OS X Yosemite v10.10.3 and Security Update 2015-004↗

▶

💬Community

Bugzilla

CVE-2014-0237 CVE-2014-0238 file: various flaws [fedora-all]↗2014-06-02

▶

Bugzilla

CVE-2014-0237 CVE-2014-0238 php: various flaws [fedora-all]↗2014-06-02

▶

Bugzilla

CVE-2014-0237 file: cdf_unpack_summary_info() excessive looping DoS↗2014-05-15

▶