Lucene search
+L

619 matches found

veracode
veracode
added 2021/08/12 2:0 p.m.44 views

Remote Code Execution (RCE)

GNU is vulnerable to Remote Code Execution RCE. The vulnerability exists due to an integer overflow that triggers an out-of-bounds heap write...

7.8CVSS8.1AI score0.0415EPSS
Exploits1References6Affected Software1
redhatcve
redhatcve
added 2021/08/09 8:19 p.m.71 views

CVE-2021-38185

A flaw was found in cpio. An integer overflow that triggers an out-of-bounds heap write can allow an attacker to execute arbitrary code via a crafted pattern file. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

7.8CVSS6.9AI score0.0415EPSS
Exploits1References3
nvd
nvd
added 2021/08/08 12:15 a.m.18 views

CVE-2021-38185

GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is...

7.8CVSS0.0415EPSS
Exploits1References5
osv
osv
added 2021/08/08 12:15 a.m.1 views

DEBIAN-CVE-2021-38185

GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is...

7.8CVSS7.5AI score0.0415EPSS
Exploits1References1
osv
osv
added 2021/08/08 12:15 a.m.27 views

CVE-2021-38185

GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is...

7.8CVSS7.7AI score
Exploits0References5
prion
prion
added 2021/08/08 12:15 a.m.31 views

Integer overflow

GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is...

6.8CVSS7.9AI score0.0415EPSS
Exploits1References5Affected Software1
ubuntucve
ubuntucve
added 2021/08/08 12:15 a.m.41 views

CVE-2021-38185

GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is...

7.8CVSS7.1AI score0.0415EPSS
Exploits1References7
osv
osv
added 2021/08/08 12:15 a.m.10 views

UBUNTU-CVE-2021-38185

GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is...

7.8CVSS7.2AI score0.0415EPSS
Exploits1References8
cnnvd
cnnvd
added 2021/08/08 12:0 a.m.3 views

cpio 输入验证错误漏洞

cpio is a file backup program for UNIX-like systems. A security vulnerability exists in cpio. Allows an attacker to execute arbitrary code via a carefully crafted pattern file, as a dstring.c dsfgetstr integer overflow triggers an out-of-bounds heap write...

7.8CVSS7.5AI score0.0415EPSS
Exploits1References27
vulnrichment
vulnrichment
added 2021/08/07 12:0 a.m.5 views

CVE-2021-38185

GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is...

8.2AI score0.0415EPSS
Exploits1References5
cvelist
cvelist
added 2021/08/07 12:0 a.m.26 views

CVE-2021-38185

GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is...

8.3AI score0.0415EPSS
Exploits1References5
debiancve
debiancve
added 2021/08/07 12:0 a.m.49 views

CVE-2021-38185

GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is...

7.8CVSS7.5AI score0.0415EPSS
Exploits1
cve
cve
added 2021/08/07 12:0 a.m.482 views

CVE-2021-38185

CVE-2021-38185 affects GNU cpio up to version 2.13. The issue is an integer overflow in ds_fgetstr() (dstring.c) that can trigger an out-of-bounds heap write via a crafted pattern file, potentially enabling arbitrary code execution. Public advisories from multiple vendors confirm patched releases...

7.8CVSS8.1AI score0.0415EPSS
Exploits1References5Affected Software1
alpinelinux
alpinelinux
added 2021/08/07 12:0 a.m.40 views

CVE-2021-38185

GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is...

7.8CVSS8.3AI score0.0415EPSS
Exploits1
openvas
openvas
added 2021/06/04 12:0 a.m.35 views

openSUSE: Security Advisory for nginx (openSUSE-SU-2021:0835-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.7CVSS7AI score0.53461EPSS
Exploits10References2
osv
osv
added 2021/06/03 5:33 p.m.15 views

OPENSUSE-SU-2021:0835-1 Security update for nginx

This update for nginx fixes the following issues: - CVE-2021-23017: nginx DNS resolver off-by-one heap write bsc1186126 This update was imported from the SUSE:SLE-15-SP1:Update update project...

7.7CVSS7.9AI score0.53461EPSS
Exploits10References3
osv
osv
added 2021/06/02 2:29 p.m.22 views

SUSE-SU-2021:1839-1 Security update for nginx

This update for nginx fixes the following issues: - CVE-2021-23017: nginx DNS resolver off-by-one heap write bsc1186126...

7.7CVSS7.8AI score0.53461EPSS
Exploits10References3
osv
osv
added 2021/05/31 2:29 p.m.21 views

SUSE-SU-2021:1815-1 Security update for nginx

This update for nginx fixes the following issues: - CVE-2021-23017: nginx DNS resolver off-by-one heap write bsc1186126...

7.7CVSS7.8AI score0.53461EPSS
Exploits10References3
osv
osv
added 2021/05/31 2:29 p.m.15 views

SUSE-SU-2021:1814-1 Security update for nginx

This update for nginx fixes the following issues: - CVE-2021-23017: nginx DNS resolver off-by-one heap write bsc1186126...

7.7CVSS7.8AI score0.53461EPSS
Exploits10References3
zdt
zdt
added 2021/05/27 12:0 a.m.4524 views

nginx 1.20.0 DNS Resolver Off-By-One Heap Write Exploit

An off-by-one error in ngxresolvercopy while processing DNS responses allows a network attacker to write a dot character '.', 0x2E out of bounds in a heap allocated buffer. The vulnerability can be triggered by a DNS response in reply to a DNS request from nginx when the resolver primitive is...

7.7CVSS0.7AI score0.53461EPSS
Exploits10
Rows per page
Query Builder