619 matches found
Remote Code Execution (RCE)
GNU is vulnerable to Remote Code Execution RCE. The vulnerability exists due to an integer overflow that triggers an out-of-bounds heap write...
CVE-2021-38185
A flaw was found in cpio. An integer overflow that triggers an out-of-bounds heap write can allow an attacker to execute arbitrary code via a crafted pattern file. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
CVE-2021-38185
GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is...
DEBIAN-CVE-2021-38185
GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is...
CVE-2021-38185
GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is...
Integer overflow
GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is...
CVE-2021-38185
GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is...
UBUNTU-CVE-2021-38185
GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is...
cpio 输入验证错误漏洞
cpio is a file backup program for UNIX-like systems. A security vulnerability exists in cpio. Allows an attacker to execute arbitrary code via a carefully crafted pattern file, as a dstring.c dsfgetstr integer overflow triggers an out-of-bounds heap write...
CVE-2021-38185
GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is...
CVE-2021-38185
GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is...
CVE-2021-38185
GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is...
CVE-2021-38185
CVE-2021-38185 affects GNU cpio up to version 2.13. The issue is an integer overflow in ds_fgetstr() (dstring.c) that can trigger an out-of-bounds heap write via a crafted pattern file, potentially enabling arbitrary code execution. Public advisories from multiple vendors confirm patched releases...
CVE-2021-38185
GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is...
openSUSE: Security Advisory for nginx (openSUSE-SU-2021:0835-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OPENSUSE-SU-2021:0835-1 Security update for nginx
This update for nginx fixes the following issues: - CVE-2021-23017: nginx DNS resolver off-by-one heap write bsc1186126 This update was imported from the SUSE:SLE-15-SP1:Update update project...
SUSE-SU-2021:1839-1 Security update for nginx
This update for nginx fixes the following issues: - CVE-2021-23017: nginx DNS resolver off-by-one heap write bsc1186126...
SUSE-SU-2021:1815-1 Security update for nginx
This update for nginx fixes the following issues: - CVE-2021-23017: nginx DNS resolver off-by-one heap write bsc1186126...
SUSE-SU-2021:1814-1 Security update for nginx
This update for nginx fixes the following issues: - CVE-2021-23017: nginx DNS resolver off-by-one heap write bsc1186126...
nginx 1.20.0 DNS Resolver Off-By-One Heap Write Exploit
An off-by-one error in ngxresolvercopy while processing DNS responses allows a network attacker to write a dot character '.', 0x2E out of bounds in a heap allocated buffer. The vulnerability can be triggered by a DNS response in reply to a DNS request from nginx when the resolver primitive is...