CVE-2011-3631 — Integer Overflow or Wraparound in Project Hardlink

CWE-190 — Integer Overflow or Wraparound7 documents5 sources

Severity

8.8HIGHNVD

EPSS

4.2%

top 11.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Hardlink Project Hardlink Hardlink Debian Linux +2 more

Timeline

PublishedNov 26

Latest updateApr 22

Description

Hardlink before 0.1.2 has multiple integer overflows leading to heap-based buffer overflows because of the way string lengths concatenation is done in the calculation of the required memory space to be used. A remote attacker could provide a specially-crafted directory tree and trick the local user into consolidating it, leading to hardlink executable crash or potentially arbitrary code execution with user privileges.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶NVDhardlink_project/hardlink< 0.1.2

▶debiandebian/hardlink

▶CVEListV5hardlink/hardlink0.3.0

Also affects: Debian Linux 10.0, 8.0, 9.0, Enterprise Linux 5.0, 6.0

🔴Vulnerability Details

GHSA

GHSA-j3j5-x3ff-v276: Hardlink before 0↗2022-04-22

▶

📋Vendor Advisories

Red Hat

hardlink: Multiple integer overflows, when adding string lengths↗2011-10-15

▶

Debian

CVE-2011-3631: hardlink - Hardlink before 0.1.2 has multiple integer overflows leading to heap-based buffe...↗2011

▶

💬Community

Bugzilla

CVE-2011-3631 hardlink: Multiple integer overflows, when adding string lengths↗2011-10-17

▶

Bugzilla

CVE-2011-3630 CVE-2011-3631 CVE-2011-3632 hardlink various flaws [fedora-all]↗2011-10-17

▶