CVE-2014-9621Allocation of Resources Without Limits or Throttling in Project File

CWE-399CWE-770Allocation of Resources Without Limits or Throttling9 documents8 sources
Severity
5.0MEDIUMNVD
EPSS
1.3%
top 20.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
File Project File
Timeline
PublishedJan 21
Latest updateMay 14

Description

The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

Debianfile_project/file< 1:5.21+15-1+3
Ubuntufile_project/file< 1:5.14-2ubuntu3.4+2
NVDfile_project/file6 versions+5

🔴Vulnerability Details

4
GHSA
GHSA-37mq-9v9g-wmfw: The ELF parser in file 52022-05-14
OSV
file vulnerabilities2018-06-14
CVEList
CVE-2014-9621: The ELF parser in file 52015-01-21
OSV
CVE-2014-9621: The ELF parser in file 52015-01-21

📋Vendor Advisories

3
Ubuntu
file vulnerabilities2018-06-14
Red Hat
file: limit string printing to 100 chars2015-01-03
Debian
CVE-2014-9621: file - The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a deni...2014

💬Community

1
Bugzilla
CVE-2014-9621 file: limit string printing to 100 chars2015-01-09
CVE-2014-9621 — File Project File vulnerability | cvebase