Описание
Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive.
A heap-based buffer overflow flaw was found in cpio's list_file() function. An attacker could provide a specially crafted archive that, when processed by cpio, would crash cpio, or potentially lead to arbitrary code execution.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | cpio | Will not fix | ||
| Red Hat Enterprise Linux 6 | cpio | Will not fix | ||
| Red Hat Enterprise Linux 7 | cpio | Fixed | RHSA-2015:2108 | 19.11.2015 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.1 Medium
CVSS2
Связанные уязвимости
Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive.
Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive.
Heap-based buffer overflow in the process_copy_in function in GNU Cpio ...
Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive.
ELSA-2015-2108: cpio security and bug fix update (MODERATE)
EPSS
5.1 Medium
CVSS2