CVE-2005-4268

CWE-119 — Buffer Overflow11 documents9 sources

Severity

3.7LOW

EPSS

0.1%

top 84.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Cpio

Timeline

PublishedDec 15

Latest updateMay 3

Description

Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a cpio archive, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a file whose size is represented by more than 8 digits.

CVSS vector

AV:L/AC:H/C:P/I:P/A:PExploitability: 1.9 | Impact: 6.4

Affected Packages2 packages

▶Debiancpio< 2.6-10+3

▶NVDgnu/cpio2.6-8

🔴Vulnerability Details

GHSA

GHSA-gf47-4488-9gh6: Buffer overflow in cpio 2↗2022-05-03

▶

OSV

CVE-2005-4268: Buffer overflow in cpio 2↗2005-12-15

▶

CVEList

CVE-2005-4268: Buffer overflow in cpio 2↗2005-12-15

▶

📋Vendor Advisories

BSD

FreeBSD-SA-06:03.cpio: Multiple vulnerabilities cpio↗2006-01-11

▶

Ubuntu

cpio vulnerability↗2006-01-03

▶

Red Hat

cpio large filesize buffer overflow↗2005-11-07

▶

Debian

CVE-2005-4268: cpio - Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a cpio arch...↗2005

▶

💬Community

Bugzilla

CVE-2005-4268 cpio large filesize buffer overflow↗2007-02-19

▶

Bugzilla

CVE-2005-4268 cpio large filesize buffer overflow↗2005-11-10

▶

Bugzilla

CVE-2005-4268 cpio large filesize buffer overflow↗2005-11-08

▶