CVE-2015-8872 — Off-by-one Error in Dosfstools

CWE-189 CWE-193 — Off-by-one Error8 documents7 sources

Severity

6.2MEDIUMNVD

EPSS

0.1%

top 76.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dosfstools Project Dosfstools Debian Dosfstools Canonical Ubuntu Linux +2 more

Timeline

PublishedJun 3

Latest updateMay 13

Description

The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an "off-by-two error."

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.5 | Impact: 3.6

Affected Packages5 packages

▶debiandebian/dosfstools< dosfstools 4.0-1 (bookworm)

▶Debiandosfstools_project/dosfstools< 4.0-1+3

▶NVDdosfstools_project/dosfstools3.0.28

▶NVDopensuse/leap42.1

▶NVDopensuse/opensuse13.2

Also affects: Ubuntu Linux 12.04, 14.04, 15.10, 16.04

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-2vww-49j7-chwm: The set_fat function in fat↗2022-05-13

▶

OSV

CVE-2015-8872: The set_fat function in fat↗2016-06-03

▶

📋Vendor Advisories

Ubuntu

dosfstools vulnerabilities↗2016-05-31

▶

Red Hat

dosfstools: Off-by-2 error leading to corruption in FAT12↗2016-05-14

▶

Debian

CVE-2015-8872: dosfstools - The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to ...↗2015

▶

💬Community

Bugzilla

CVE-2015-8872 CVE-2016-4804 dosfstools: various flaws [fedora-all]↗2016-05-19

▶

Bugzilla

CVE-2015-8872 dosfstools: Off-by-2 error leading to corruption in FAT12↗2016-05-17

▶