13 matches found
CentOS 9 : cpio-2.13-16.el9
The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the cpio-2.13-16.el9 build changelog. - GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that...
NewStart CGSL MAIN 6.06 : cpio Vulnerability (NS-SA-2023-0088)
The remote NewStart CGSL host, running version MAIN 6.06, has cpio packages installed that are affected by a vulnerability: - GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an out-of-boun...
SUSE CVE-2021-38185
GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is...
AlmaLinux 8 : cpio (ALSA-2022:1991)
The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2022:1991 advisory. - GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an...
RHEL 8 : cpio (RHSA-2022:1991)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:1991 advisory. The cpio packages provide the GNU cpio utility for creating and extracting archives, or copying files from one place to another. Security Fixes: cpio...
cpio: integer overflow in ds_fgetstr() in dstring.c can lead to an out-of-bounds write via a crafted pattern file
A flaw was found in cpio. An integer overflow that triggers an out-of-bounds heap write can allow an attacker to execute arbitrary code via a crafted pattern file. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
CentOS 8 : cpio (CESA-2022:1991)
The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2022:1991 advisory. - cpio: integer overflow in dsfgetstr in dstring.c can lead to an out-of-bounds write via a crafted pattern file CVE-2021-38185 Note that Nessus has not tested...
EulerOS Virtualization 3.0.6.6 : cpio (EulerOS-SA-2022-1114)
According to the versions of the cpio package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The cpiosafernamesuffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service out-of-bounds write via...
OESA-2021-1325 cpio security update
GNU cpio copies files into or out of a cpio or tar archive. The archive can be another file on the disk, a magnetic tape, or a pipe. Security Fixes: GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that...
CVE-2021-38185
GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is...
Integer overflow
GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is...
cpio 输入验证错误漏洞
cpio is a file backup program for UNIX-like systems. A security vulnerability exists in cpio. Allows an attacker to execute arbitrary code via a carefully crafted pattern file, as a dstring.c dsfgetstr integer overflow triggers an out-of-bounds heap write...
CVE-2021-38185
GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is...