CVE-2014-8116 — Uncontrolled Resource Consumption in Project File

CWE-399 CWE-400 — Uncontrolled Resource Consumption CWE-674 — Uncontrolled Recursion12 documents9 sources

Severity

5.0MEDIUMNVD

EPSS

15.9%

top 5.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

File Project File Canonical Ubuntu Linux Mageia

Timeline

PublishedDec 17

Latest updateMay 14

Description

The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

▶Debianfile_project/file< 1:5.21+15-1+3

▶Ubuntufile_project/file< 1:5.14-2ubuntu3.3

▶NVDfile_project/file5.20

▶NVDmageia/mageia4.0

Also affects: Ubuntu Linux 10.04, 12.04, 14.04, 14.10

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-633g-rmvw-w6m6: The ELF parser (readelf↗2022-05-14

▶

OSV

file vulnerabilities↗2015-02-04

▶

OSV

CVE-2014-8116: The ELF parser (readelf↗2014-12-17

▶

CVEList

CVE-2014-8116: The ELF parser (readelf↗2014-12-17

▶

📋Vendor Advisories

Ubuntu

file vulnerabilities↗2015-02-04

▶

Red Hat

file: multiple denial of service issues (resource consumption)↗2014-12-16

▶

BSD

FreeBSD-SA-14:28.file: Multiple vulnerabilities in file(1) and libmagic(3)↗2014-12-10

▶

Debian

CVE-2014-8116: file - The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause ...↗2014

▶

💬Community

Bugzilla

CVE-2014-8116 CVE-2014-8117 file: various flaws [fedora-all]↗2014-12-16

▶

Bugzilla

CVE-2014-8117 file: denial of service issue (resource consumption)↗2014-12-16

▶

Bugzilla

CVE-2014-8116 file: multiple denial of service issues (resource consumption)↗2014-12-08

▶