CVE-2010-0624
published 2010-03-15
medium · 6.8 · CVSS 3.1
AV:N/AC:M/Au:N/C:P/I:P/A:P
Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character.
Affected
47 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | cpio | < cpio 2.11-1 (bookworm) | cpio 2.11-1 (bookworm) |
| debian | tar | < cpio 2.11-1 (bookworm) | cpio 2.11-1 (bookworm) |
| gnu | cpio | <= 2.10 | — |
| gnu | cpio | — | — |
| gnu | cpio | — | — |
| gnu | cpio | — | — |
| gnu | cpio | — | — |
| gnu | cpio | — | — |
| gnu | cpio | — | — |
| gnu | cpio | — | — |
| gnu | cpio | — | — |
| gnu | cpio | — | — |
| gnu | cpio | — | — |
| gnu | cpio | — | — |
| gnu | cpio | >= 0 < 2.11-1 | 2.11-1 |
| gnu | cpio | >= 0 < 2.11-1 | 2.11-1 |
| gnu | cpio | >= 0 < 2.11-1 | 2.11-1 |
| gnu | cpio | >= 0 < 2.11-1 | 2.11-1 |
| gnu | cpio | >= 0 < 2.11+dfsg-1ubuntu1.1 | 2.11+dfsg-1ubuntu1.1 |
| gnu | tar | <= 1.22 | — |
| gnu | tar | — | — |
| gnu | tar | — | — |
| gnu | tar | — | — |
| gnu | tar | — | — |
| gnu | tar | — | — |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | 6.8 | MEDIUM | — |