CVE-2014-3538

Publication date 3 July 2014

Last updated 24 July 2024

file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
file	14.04 LTS trusty	Fixed 1:5.14-2ubuntu3.1
	13.10 saucy	Fixed 5.11-2ubuntu4.3
	12.04 LTS precise	Fixed 5.09-2ubuntu0.4
	10.04 LTS lucid	Ignored

Notes

mdeslaur

This fix introduces new functionnality and is too intrusive to backport to lucid.

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
file	Upstream: 758e066 Upstream: 74cafd7 Upstream: 71a8b6c Upstream: 69a5a43 Upstream: 4a284c8

References

Related Ubuntu Security Notices (USN)