Description
GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is untrusted data.
A flaw was found in cpio. An integer overflow that triggers an out-of-bounds heap write can allow an attacker to execute arbitrary code via a crafted pattern file. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Statement
cpio on Red Hat Enterprise Linux 8 is compiled with full RELRO, which mitigates the exploitation technique demonstrated in the report. Additionally, this requires the use of an unusual set of parameters.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | cpio | Out of support scope | | |
Red Hat Enterprise Linux 7 | cpio | Out of support scope | | |
Red Hat Enterprise Linux 9 | cpio | Not affected | | |
Red Hat Enterprise Linux 8 | cpio | Fixed | RHSA-2022:1991 | 10.05.2022 |
Additional information
CVSS3: 7 High