VYPR
Unrated severityNVD Advisory· Published Jul 3, 2014· Updated Jun 17, 2026

CVE-2014-3538

CVE-2014-3538

Description

file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

26
  • File Project/File20 versions
    cpe:2.3:a:christos_zoulas:file:*:*:*:*:*:*:*:*+ 19 more
    • cpe:2.3:a:christos_zoulas:file:*:*:*:*:*:*:*:*range: <=5.18
    • cpe:2.3:a:christos_zoulas:file:5.00:*:*:*:*:*:*:*
    • cpe:2.3:a:christos_zoulas:file:5.01:*:*:*:*:*:*:*
    • cpe:2.3:a:christos_zoulas:file:5.02:*:*:*:*:*:*:*
    • cpe:2.3:a:christos_zoulas:file:5.03:*:*:*:*:*:*:*
    • cpe:2.3:a:christos_zoulas:file:5.04:*:*:*:*:*:*:*
    • cpe:2.3:a:christos_zoulas:file:5.05:*:*:*:*:*:*:*
    • cpe:2.3:a:christos_zoulas:file:5.06:*:*:*:*:*:*:*
    • cpe:2.3:a:christos_zoulas:file:5.07:*:*:*:*:*:*:*
    • cpe:2.3:a:christos_zoulas:file:5.08:*:*:*:*:*:*:*
    • cpe:2.3:a:christos_zoulas:file:5.09:*:*:*:*:*:*:*
    • cpe:2.3:a:christos_zoulas:file:5.10:*:*:*:*:*:*:*
    • cpe:2.3:a:christos_zoulas:file:5.11:*:*:*:*:*:*:*
    • cpe:2.3:a:christos_zoulas:file:5.12:*:*:*:*:*:*:*
    • cpe:2.3:a:christos_zoulas:file:5.13:*:*:*:*:*:*:*
    • cpe:2.3:a:christos_zoulas:file:5.14:*:*:*:*:*:*:*
    • cpe:2.3:a:christos_zoulas:file:5.15:*:*:*:*:*:*:*
    • cpe:2.3:a:christos_zoulas:file:5.16:*:*:*:*:*:*:*
    • cpe:2.3:a:christos_zoulas:file:5.17:*:*:*:*:*:*:*
    • (no CPE)range: <5.19
  • cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
    Range: >=5.4.0,<5.4.32
  • Debian/linux2 versions
    cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
    • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • osv-coords3 versions
    < 5.6.28-1.1+ 2 more
    • (no CPE)range: < 5.6.28-1.1
    • (no CPE)range: < 7.0.14-1.4
    • (no CPE)range: < 8.0.11-1.1

Patches

Vulnerability mechanics

References

22

News mentions

0

No linked articles in our index yet.