CVE-2013-7345

Advisory lineage Upstream: 0 Downstream: 12
Modified
Published: 23 Mar 2014, 15:00
Last modified:06 Aug 2024, 18:01

Vulnerability Summary

Overall Risk (default)
medium
30/100
CVSS Score
5 MEDIUM
v2.0 (nvd)
EPSS Score
1.13% LOW
1% probability -2.05%
KEV
Not listed
Ransomware
No reports
Public exploits
2 found
Dark Web
Not detected

Timeline

23 Mar 2014, 15:00
Published
Vulnerability first disclosed
06 Aug 2024, 18:01
Last Modified
Vulnerability information updated

Description

The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters.

CVSS Metrics

  • v2.0MEDIUMScore: 5AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS Trends

Current EPSS score: 1.13% Percentile: 79%

Affected Systems

  • christos_zoulasfile

    < 5.15

  • debiandebian_linux

    6.0 | 7.0 | 8.0

  • UnknownPHP

    ≥ 5.4.0, < 5.4.27 | ≥ 5.5.0, < 5.5.11

References (6)