CVE-2010-0624

CWE-119 — Buffer Overflow CWE-122 — Heap-based Buffer Overflow11 documents8 sources

Severity

6.8MEDIUM

EPSS

1.5%

top 19.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Cpio GNU TAR

Timeline

PublishedMar 15

Latest updateMay 2

Description

Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages4 packages

▶Debiancpio< 2.11-1+3

▶NVDgnu/cpio2.10+11

▶Debiantar< 1.23-1+3

▶NVDgnu/tar1.22+23

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-27jj-5xgw-m6qw: Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib↗2022-05-02

▶

OSV

cpio vulnerabilities↗2015-01-08

▶

OSV

CVE-2010-0624: Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib↗2010-03-15

▶

CVEList

CVE-2010-0624: Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib↗2010-03-12

▶

📋Vendor Advisories

Ubuntu

GNU cpio vulnerabilities↗2015-01-08

▶

Red Hat

cpio: Heap-based buffer overflow by expanding a specially-crafted archive↗2010-03-10

▶

Debian

CVE-2010-0624: cpio - Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the r...↗2010

▶

💬Community

Bugzilla

CVE-2010-0624 tar, cpio: Heap-based buffer overflow by expanding a specially-crafted archive [Fedora all]↗2010-03-10

▶

Bugzilla

CVE-2010-0624 tar, cpio: Heap-based buffer overflow by expanding a specially-crafted archive [Fedora all]↗2010-03-10

▶

Bugzilla

CVE-2010-0624 tar, cpio: Heap-based buffer overflow by expanding a specially-crafted archive↗2010-02-12

▶