CVE-2014-9620Allocation of Resources Without Limits or Throttling in Project File

CWE-399CWE-770Allocation of Resources Without Limits or Throttling9 documents8 sources
Severity
5.0MEDIUMNVD
EPSS
8.3%
top 7.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
File Project File
Timeline
PublishedJan 21
Latest updateMay 14

Description

The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

Debianfile_project/file< 1:5.21+15-1+3
Ubuntufile_project/file< 1:5.14-2ubuntu3.4+2
NVDfile_project/file14 versions+13

🔴Vulnerability Details

4
GHSA
GHSA-7ffm-2w4x-4wm5: The ELF parser in file 52022-05-14
OSV
file vulnerabilities2018-06-14
CVEList
CVE-2014-9620: The ELF parser in file 52015-01-21
OSV
CVE-2014-9620: The ELF parser in file 52015-01-21

📋Vendor Advisories

3
Ubuntu
file vulnerabilities2018-06-14
Red Hat
file: limit the number of ELF notes processed2015-01-03
Debian
CVE-2014-9620: file - The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a deni...2014

💬Community

1
Bugzilla
CVE-2014-9620 file: limit the number of ELF notes processed2015-01-09
CVE-2014-9620 — File Project File vulnerability | cvebase