{
  "threat_severity" : "Moderate",
  "public_date" : "2014-02-10T00:00:00Z",
  "bugzilla" : {
    "description" : "file: unrestricted recursion in handling of indirect type rules",
    "id" : "1065836",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1065836"
  },
  "cvss" : {
    "cvss_base_score" : "4.3",
    "cvss_scoring_vector" : "AV:N/AC:M/Au:N/C:N/I:N/A:P",
    "status" : "verified"
  },
  "cwe" : "CWE-835",
  "details" : [ "Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.", "A denial of service flaw was found in the way the File Information (fileinfo) extension handled indirect rules. A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU." ],
  "statement" : "This issue did not affect the php packages as shipped with Red Hat Enterprise Linux 5. This issue did not affect the php packages as shipped with Red Hat Enterprise Linux 7.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2014-08-06T00:00:00Z",
    "advisory" : "RHSA-2014:1012",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "php53-0:5.3.3-23.el5_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2014-08-06T00:00:00Z",
    "advisory" : "RHSA-2014:1012",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "php-0:5.3.3-27.el6_5.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2014-10-13T00:00:00Z",
    "advisory" : "RHSA-2014:1606",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "file-0:5.04-21.el6"
  }, {
    "product_name" : "Red Hat Software Collections 1 for Red Hat Enterprise Linux 6",
    "release_date" : "2014-10-30T00:00:00Z",
    "advisory" : "RHSA-2014:1765",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:1::el6",
    "package" : "php54-php-0:5.4.16-22.el6"
  }, {
    "product_name" : "Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS",
    "release_date" : "2014-10-30T00:00:00Z",
    "advisory" : "RHSA-2014:1765",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:1::el6",
    "package" : "php54-php-0:5.4.16-22.el6"
  }, {
    "product_name" : "Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS",
    "release_date" : "2014-10-30T00:00:00Z",
    "advisory" : "RHSA-2014:1765",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:1::el6",
    "package" : "php54-php-0:5.4.16-22.el6"
  }, {
    "product_name" : "Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS",
    "release_date" : "2014-10-30T00:00:00Z",
    "advisory" : "RHSA-2014:1765",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:1::el6",
    "package" : "php54-php-0:5.4.16-22.el6"
  }, {
    "product_name" : "Red Hat Software Collections 1 for Red Hat Enterprise Linux 7",
    "release_date" : "2014-10-30T00:00:00Z",
    "advisory" : "RHSA-2014:1765",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:1::el7",
    "package" : "php54-php-0:5.4.16-22.el7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "cdrtools",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "file",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "php",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "rpm",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "file",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "php",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Software Collections",
    "fix_state" : "Affected",
    "package_name" : "php55-php",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:1"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2014-1943\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-1943" ],
  "name" : "CVE-2014-1943",
  "csaw" : false
}