CVE-2011-3630 — Out-of-bounds Write in Project Hardlink

CWE-787 — Out-of-bounds Write CWE-121 — Stack-based Buffer Overflow6 documents5 sources

Severity

8.8HIGHNVD

EPSS

3.1%

top 13.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Hardlink Project Hardlink Hardlink Debian Linux +2 more

Timeline

PublishedNov 26

Latest updateApr 22

Description

Hardlink before 0.1.2 suffer from multiple stack-based buffer overflow flaws because of the way directory trees with deeply nested directories are processed. A remote attacker could provide a specially-crafted directory tree, and trick the local user into consolidating it, leading to hardlink executable crash, or, potentially arbitrary code execution with the privileges of the user running the hardlink executable.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶NVDhardlink_project/hardlink< 0.1.2

▶debiandebian/hardlink

▶CVEListV5hardlink/hardlinkbefore 0.1.2

Also affects: Debian Linux 10.0, 8.0, 9.0, Enterprise Linux 5.0, 6.0

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-pc7f-j836-p34f: Hardlink before 0↗2022-04-22

▶

📋Vendor Advisories

Red Hat

hardlink: Multiple stack-based buffer overflows when run on a tree with deeply nested directories↗2011-10-15

▶

Debian

CVE-2011-3630: hardlink - Hardlink before 0.1.2 suffer from multiple stack-based buffer overflow flaws bec...↗2011

▶

💬Community

Bugzilla

CVE-2011-3630 CVE-2011-3631 CVE-2011-3632 hardlink various flaws [fedora-all]↗2011-10-17

▶

Bugzilla

CVE-2011-3630 hardlink: Multiple stack-based buffer overflows when run on a tree with deeply nested directories↗2011-10-17

▶