Description
GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is untrusted data.
Release | Status | Note |
---|---|---|
bionic | released | 2.12+dfsg-6ubuntu0.18.04.4 |
devel | released | 2.13+dfsg-4ubuntu4 |
esm-infra-legacy/trusty | not-affected | 2.11+dfsg-1ubuntu1.2+esm2 |
esm-infra/bionic | not-affected | 2.12+dfsg-6ubuntu0.18.04.4 |
esm-infra/focal | not-affected | 2.13+dfsg-2ubuntu0.3 |
esm-infra/xenial | released | 2.11+dfsg-5ubuntu1.1+esm1 |
focal | released | 2.13+dfsg-2ubuntu0.3 |
hirsute | released | 2.13+dfsg-4ubuntu0.3 |
impish | released | 2.13+dfsg-4ubuntu4 |
jammy | released | 2.13+dfsg-4ubuntu4 |
CVSS2: 6.8 Medium
CVSS3: 7.8 High