csaf_opensuse - opensuse-su-2024:10143-1

Vulnerability from csaf_opensuse

Published

2024-06-15 00:00

Modified

2024-06-15 00:00

Summary

cpio-2.12-3.90 on GA media

Notes

Title of the patch

cpio-2.12-3.90 on GA media

Description of the patch

These are all security issues fixed in the cpio-2.12-3.90 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-10143

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
   document: {
      aggregate_severity: {
         namespace: "https://www.suse.com/support/security/rating/",
         text: "moderate",
      },
      category: "csaf_security_advisory",
      csaf_version: "2.0",
      distribution: {
         text: "Copyright 2024 SUSE LLC. All rights reserved.",
         tlp: {
            label: "WHITE",
            url: "https://www.first.org/tlp/",
         },
      },
      lang: "en",
      notes: [
         {
            category: "summary",
            text: "cpio-2.12-3.90 on GA media",
            title: "Title of the patch",
         },
         {
            category: "description",
            text: "These are all security issues fixed in the cpio-2.12-3.90 package on the GA media of openSUSE Tumbleweed.",
            title: "Description of the patch",
         },
         {
            category: "details",
            text: "openSUSE-Tumbleweed-2024-10143",
            title: "Patchnames",
         },
         {
            category: "legal_disclaimer",
            text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
            title: "Terms of use",
         },
      ],
      publisher: {
         category: "vendor",
         contact_details: "https://www.suse.com/support/security/contact/",
         name: "SUSE Product Security Team",
         namespace: "https://www.suse.com/",
      },
      references: [
         {
            category: "external",
            summary: "SUSE ratings",
            url: "https://www.suse.com/support/security/rating/",
         },
         {
            category: "self",
            summary: "URL of this CSAF notice",
            url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10143-1.json",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2010-0624 page",
            url: "https://www.suse.com/security/cve/CVE-2010-0624/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2014-9112 page",
            url: "https://www.suse.com/security/cve/CVE-2014-9112/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2016-2037 page",
            url: "https://www.suse.com/security/cve/CVE-2016-2037/",
         },
      ],
      title: "cpio-2.12-3.90 on GA media",
      tracking: {
         current_release_date: "2024-06-15T00:00:00Z",
         generator: {
            date: "2024-06-15T00:00:00Z",
            engine: {
               name: "cve-database.git:bin/generate-csaf.pl",
               version: "1",
            },
         },
         id: "openSUSE-SU-2024:10143-1",
         initial_release_date: "2024-06-15T00:00:00Z",
         revision_history: [
            {
               date: "2024-06-15T00:00:00Z",
               number: "1",
               summary: "Current version",
            },
         ],
         status: "final",
         version: "1",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "cpio-2.12-3.90.aarch64",
                        product: {
                           name: "cpio-2.12-3.90.aarch64",
                           product_id: "cpio-2.12-3.90.aarch64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "cpio-lang-2.12-3.90.aarch64",
                        product: {
                           name: "cpio-lang-2.12-3.90.aarch64",
                           product_id: "cpio-lang-2.12-3.90.aarch64",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "aarch64",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "cpio-2.12-3.90.ppc64le",
                        product: {
                           name: "cpio-2.12-3.90.ppc64le",
                           product_id: "cpio-2.12-3.90.ppc64le",
                        },
                     },
                     {
                        category: "product_version",
                        name: "cpio-lang-2.12-3.90.ppc64le",
                        product: {
                           name: "cpio-lang-2.12-3.90.ppc64le",
                           product_id: "cpio-lang-2.12-3.90.ppc64le",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "ppc64le",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "cpio-2.12-3.90.s390x",
                        product: {
                           name: "cpio-2.12-3.90.s390x",
                           product_id: "cpio-2.12-3.90.s390x",
                        },
                     },
                     {
                        category: "product_version",
                        name: "cpio-lang-2.12-3.90.s390x",
                        product: {
                           name: "cpio-lang-2.12-3.90.s390x",
                           product_id: "cpio-lang-2.12-3.90.s390x",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "s390x",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "cpio-2.12-3.90.x86_64",
                        product: {
                           name: "cpio-2.12-3.90.x86_64",
                           product_id: "cpio-2.12-3.90.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "cpio-lang-2.12-3.90.x86_64",
                        product: {
                           name: "cpio-lang-2.12-3.90.x86_64",
                           product_id: "cpio-lang-2.12-3.90.x86_64",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "x86_64",
               },
               {
                  branches: [
                     {
                        category: "product_name",
                        name: "openSUSE Tumbleweed",
                        product: {
                           name: "openSUSE Tumbleweed",
                           product_id: "openSUSE Tumbleweed",
                           product_identification_helper: {
                              cpe: "cpe:/o:opensuse:tumbleweed",
                           },
                        },
                     },
                  ],
                  category: "product_family",
                  name: "SUSE Linux Enterprise",
               },
            ],
            category: "vendor",
            name: "SUSE",
         },
      ],
      relationships: [
         {
            category: "default_component_of",
            full_product_name: {
               name: "cpio-2.12-3.90.aarch64 as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:cpio-2.12-3.90.aarch64",
            },
            product_reference: "cpio-2.12-3.90.aarch64",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "cpio-2.12-3.90.ppc64le as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:cpio-2.12-3.90.ppc64le",
            },
            product_reference: "cpio-2.12-3.90.ppc64le",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "cpio-2.12-3.90.s390x as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:cpio-2.12-3.90.s390x",
            },
            product_reference: "cpio-2.12-3.90.s390x",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "cpio-2.12-3.90.x86_64 as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:cpio-2.12-3.90.x86_64",
            },
            product_reference: "cpio-2.12-3.90.x86_64",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "cpio-lang-2.12-3.90.aarch64 as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:cpio-lang-2.12-3.90.aarch64",
            },
            product_reference: "cpio-lang-2.12-3.90.aarch64",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "cpio-lang-2.12-3.90.ppc64le as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:cpio-lang-2.12-3.90.ppc64le",
            },
            product_reference: "cpio-lang-2.12-3.90.ppc64le",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "cpio-lang-2.12-3.90.s390x as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:cpio-lang-2.12-3.90.s390x",
            },
            product_reference: "cpio-lang-2.12-3.90.s390x",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "cpio-lang-2.12-3.90.x86_64 as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:cpio-lang-2.12-3.90.x86_64",
            },
            product_reference: "cpio-lang-2.12-3.90.x86_64",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2010-0624",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2010-0624",
            },
         ],
         notes: [
            {
               category: "general",
               text: "Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "openSUSE Tumbleweed:cpio-2.12-3.90.aarch64",
               "openSUSE Tumbleweed:cpio-2.12-3.90.ppc64le",
               "openSUSE Tumbleweed:cpio-2.12-3.90.s390x",
               "openSUSE Tumbleweed:cpio-2.12-3.90.x86_64",
               "openSUSE Tumbleweed:cpio-lang-2.12-3.90.aarch64",
               "openSUSE Tumbleweed:cpio-lang-2.12-3.90.ppc64le",
               "openSUSE Tumbleweed:cpio-lang-2.12-3.90.s390x",
               "openSUSE Tumbleweed:cpio-lang-2.12-3.90.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2010-0624",
               url: "https://www.suse.com/security/cve/CVE-2010-0624",
            },
            {
               category: "external",
               summary: "SUSE Bug 579475 for CVE-2010-0624",
               url: "https://bugzilla.suse.com/579475",
            },
            {
               category: "external",
               summary: "SUSE Bug 608034 for CVE-2010-0624",
               url: "https://bugzilla.suse.com/608034",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "openSUSE Tumbleweed:cpio-2.12-3.90.aarch64",
                  "openSUSE Tumbleweed:cpio-2.12-3.90.ppc64le",
                  "openSUSE Tumbleweed:cpio-2.12-3.90.s390x",
                  "openSUSE Tumbleweed:cpio-2.12-3.90.x86_64",
                  "openSUSE Tumbleweed:cpio-lang-2.12-3.90.aarch64",
                  "openSUSE Tumbleweed:cpio-lang-2.12-3.90.ppc64le",
                  "openSUSE Tumbleweed:cpio-lang-2.12-3.90.s390x",
                  "openSUSE Tumbleweed:cpio-lang-2.12-3.90.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2024-06-15T00:00:00Z",
               details: "moderate",
            },
         ],
         title: "CVE-2010-0624",
      },
      {
         cve: "CVE-2014-9112",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2014-9112",
            },
         ],
         notes: [
            {
               category: "general",
               text: "Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "openSUSE Tumbleweed:cpio-2.12-3.90.aarch64",
               "openSUSE Tumbleweed:cpio-2.12-3.90.ppc64le",
               "openSUSE Tumbleweed:cpio-2.12-3.90.s390x",
               "openSUSE Tumbleweed:cpio-2.12-3.90.x86_64",
               "openSUSE Tumbleweed:cpio-lang-2.12-3.90.aarch64",
               "openSUSE Tumbleweed:cpio-lang-2.12-3.90.ppc64le",
               "openSUSE Tumbleweed:cpio-lang-2.12-3.90.s390x",
               "openSUSE Tumbleweed:cpio-lang-2.12-3.90.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2014-9112",
               url: "https://www.suse.com/security/cve/CVE-2014-9112",
            },
            {
               category: "external",
               summary: "SUSE Bug 907456 for CVE-2014-9112",
               url: "https://bugzilla.suse.com/907456",
            },
            {
               category: "external",
               summary: "SUSE Bug 913479 for CVE-2014-9112",
               url: "https://bugzilla.suse.com/913479",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "openSUSE Tumbleweed:cpio-2.12-3.90.aarch64",
                  "openSUSE Tumbleweed:cpio-2.12-3.90.ppc64le",
                  "openSUSE Tumbleweed:cpio-2.12-3.90.s390x",
                  "openSUSE Tumbleweed:cpio-2.12-3.90.x86_64",
                  "openSUSE Tumbleweed:cpio-lang-2.12-3.90.aarch64",
                  "openSUSE Tumbleweed:cpio-lang-2.12-3.90.ppc64le",
                  "openSUSE Tumbleweed:cpio-lang-2.12-3.90.s390x",
                  "openSUSE Tumbleweed:cpio-lang-2.12-3.90.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2024-06-15T00:00:00Z",
               details: "moderate",
            },
         ],
         title: "CVE-2014-9112",
      },
      {
         cve: "CVE-2016-2037",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2016-2037",
            },
         ],
         notes: [
            {
               category: "general",
               text: "The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "openSUSE Tumbleweed:cpio-2.12-3.90.aarch64",
               "openSUSE Tumbleweed:cpio-2.12-3.90.ppc64le",
               "openSUSE Tumbleweed:cpio-2.12-3.90.s390x",
               "openSUSE Tumbleweed:cpio-2.12-3.90.x86_64",
               "openSUSE Tumbleweed:cpio-lang-2.12-3.90.aarch64",
               "openSUSE Tumbleweed:cpio-lang-2.12-3.90.ppc64le",
               "openSUSE Tumbleweed:cpio-lang-2.12-3.90.s390x",
               "openSUSE Tumbleweed:cpio-lang-2.12-3.90.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2016-2037",
               url: "https://www.suse.com/security/cve/CVE-2016-2037",
            },
            {
               category: "external",
               summary: "SUSE Bug 1028410 for CVE-2016-2037",
               url: "https://bugzilla.suse.com/1028410",
            },
            {
               category: "external",
               summary: "SUSE Bug 963448 for CVE-2016-2037",
               url: "https://bugzilla.suse.com/963448",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "openSUSE Tumbleweed:cpio-2.12-3.90.aarch64",
                  "openSUSE Tumbleweed:cpio-2.12-3.90.ppc64le",
                  "openSUSE Tumbleweed:cpio-2.12-3.90.s390x",
                  "openSUSE Tumbleweed:cpio-2.12-3.90.x86_64",
                  "openSUSE Tumbleweed:cpio-lang-2.12-3.90.aarch64",
                  "openSUSE Tumbleweed:cpio-lang-2.12-3.90.ppc64le",
                  "openSUSE Tumbleweed:cpio-lang-2.12-3.90.s390x",
                  "openSUSE Tumbleweed:cpio-lang-2.12-3.90.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 4.3,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
                  version: "3.1",
               },
               products: [
                  "openSUSE Tumbleweed:cpio-2.12-3.90.aarch64",
                  "openSUSE Tumbleweed:cpio-2.12-3.90.ppc64le",
                  "openSUSE Tumbleweed:cpio-2.12-3.90.s390x",
                  "openSUSE Tumbleweed:cpio-2.12-3.90.x86_64",
                  "openSUSE Tumbleweed:cpio-lang-2.12-3.90.aarch64",
                  "openSUSE Tumbleweed:cpio-lang-2.12-3.90.ppc64le",
                  "openSUSE Tumbleweed:cpio-lang-2.12-3.90.s390x",
                  "openSUSE Tumbleweed:cpio-lang-2.12-3.90.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2024-06-15T00:00:00Z",
               details: "low",
            },
         ],
         title: "CVE-2016-2037",
      },
   ],
}

CVE-2010-0624 (GCVE-0-2010-0624)

Vulnerability from cvelistv5

Published

2010-03-12 20:00

Modified

2024-08-07 00:52

Severity ?

Summary

Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character.

References

▼	URL	Tags
	http://www.redhat.com/support/errata/RHSA-2010-0142.html	vendor-advisory, x_refsource_REDHAT
	http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036668.html	vendor-advisory, x_refsource_FEDORA
	http://www.mandriva.com/security/advisories?name=MDVSA-2010:065	vendor-advisory, x_refsource_MANDRIVA
	http://www.vupen.com/english/advisories/2010/1107	vdb-entry, x_refsource_VUPEN
	http://www.redhat.com/support/errata/RHSA-2010-0144.html	vendor-advisory, x_refsource_REDHAT
	http://www.vupen.com/english/advisories/2010/0629	vdb-entry, x_refsource_VUPEN
	http://www.agrs.tu-berlin.de/index.php?id=78327	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html	vendor-advisory, x_refsource_SUSE
	http://secunia.com/advisories/38988	third-party-advisory, x_refsource_SECUNIA
	http://security.gentoo.org/glsa/glsa-201111-11.xml	vendor-advisory, x_refsource_GENTOO
	http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037395.html	vendor-advisory, x_refsource_FEDORA
	https://bugzilla.redhat.com/show_bug.cgi?id=564368	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2010/0687	vdb-entry, x_refsource_VUPEN
	http://www.vupen.com/english/advisories/2010/0639	vdb-entry, x_refsource_VUPEN
	https://issues.rpath.com/browse/RPL-3219	x_refsource_CONFIRM
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6907	vdb-entry, signature, x_refsource_OVAL
	http://www.vupen.com/english/advisories/2010/0628	vdb-entry, x_refsource_VUPEN
	http://www.redhat.com/support/errata/RHSA-2010-0141.html	vendor-advisory, x_refsource_REDHAT
	http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037401.html	vendor-advisory, x_refsource_FEDORA
	http://www.ubuntu.com/usn/USN-2456-1	vendor-advisory, x_refsource_UBUNTU
	http://secunia.com/advisories/39008	third-party-advisory, x_refsource_SECUNIA
	http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038134.html	vendor-advisory, x_refsource_FEDORA
	http://www.securityfocus.com/archive/1/514503/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10277	vdb-entry, signature, x_refsource_OVAL
	http://www.redhat.com/support/errata/RHSA-2010-0145.html	vendor-advisory, x_refsource_REDHAT
	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691	x_refsource_CONFIRM
	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705	x_refsource_CONFIRM
	http://secunia.com/advisories/38869	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2010/0729	vdb-entry, x_refsource_VUPEN
	http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038149.html	vendor-advisory, x_refsource_FEDORA
	http://www.vupen.com/english/advisories/2010/0728	vdb-entry, x_refsource_VUPEN
	http://osvdb.org/62950	vdb-entry, x_refsource_OSVDB

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T00:52:19.781Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2010:0142",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2010-0142.html",
               },
               {
                  name: "FEDORA-2010-2895",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036668.html",
               },
               {
                  name: "MDVSA-2010:065",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2010:065",
               },
               {
                  name: "ADV-2010-1107",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2010/1107",
               },
               {
                  name: "RHSA-2010:0144",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2010-0144.html",
               },
               {
                  name: "ADV-2010-0629",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2010/0629",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.agrs.tu-berlin.de/index.php?id=78327",
               },
               {
                  name: "SUSE-SR:2010:011",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html",
               },
               {
                  name: "38988",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/38988",
               },
               {
                  name: "GLSA-201111-11",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://security.gentoo.org/glsa/glsa-201111-11.xml",
               },
               {
                  name: "FEDORA-2010-4309",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037395.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=564368",
               },
               {
                  name: "ADV-2010-0687",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2010/0687",
               },
               {
                  name: "ADV-2010-0639",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2010/0639",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://issues.rpath.com/browse/RPL-3219",
               },
               {
                  name: "oval:org.mitre.oval:def:6907",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6907",
               },
               {
                  name: "ADV-2010-0628",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2010/0628",
               },
               {
                  name: "RHSA-2010:0141",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2010-0141.html",
               },
               {
                  name: "FEDORA-2010-4321",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037401.html",
               },
               {
                  name: "USN-2456-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2456-1",
               },
               {
                  name: "39008",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/39008",
               },
               {
                  name: "FEDORA-2010-4302",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038134.html",
               },
               {
                  name: "20101027 rPSA-2010-0070-1 cpio tar",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/514503/100/0/threaded",
               },
               {
                  name: "oval:org.mitre.oval:def:10277",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10277",
               },
               {
                  name: "RHSA-2010:0145",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2010-0145.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705",
               },
               {
                  name: "38869",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/38869",
               },
               {
                  name: "ADV-2010-0729",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2010/0729",
               },
               {
                  name: "FEDORA-2010-4306",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038149.html",
               },
               {
                  name: "ADV-2010-0728",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2010/0728",
               },
               {
                  name: "62950",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/62950",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2010-03-10T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-10T18:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "RHSA-2010:0142",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2010-0142.html",
            },
            {
               name: "FEDORA-2010-2895",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036668.html",
            },
            {
               name: "MDVSA-2010:065",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2010:065",
            },
            {
               name: "ADV-2010-1107",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2010/1107",
            },
            {
               name: "RHSA-2010:0144",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2010-0144.html",
            },
            {
               name: "ADV-2010-0629",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2010/0629",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.agrs.tu-berlin.de/index.php?id=78327",
            },
            {
               name: "SUSE-SR:2010:011",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html",
            },
            {
               name: "38988",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/38988",
            },
            {
               name: "GLSA-201111-11",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://security.gentoo.org/glsa/glsa-201111-11.xml",
            },
            {
               name: "FEDORA-2010-4309",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037395.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=564368",
            },
            {
               name: "ADV-2010-0687",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2010/0687",
            },
            {
               name: "ADV-2010-0639",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2010/0639",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://issues.rpath.com/browse/RPL-3219",
            },
            {
               name: "oval:org.mitre.oval:def:6907",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6907",
            },
            {
               name: "ADV-2010-0628",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2010/0628",
            },
            {
               name: "RHSA-2010:0141",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2010-0141.html",
            },
            {
               name: "FEDORA-2010-4321",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037401.html",
            },
            {
               name: "USN-2456-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-2456-1",
            },
            {
               name: "39008",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/39008",
            },
            {
               name: "FEDORA-2010-4302",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038134.html",
            },
            {
               name: "20101027 rPSA-2010-0070-1 cpio tar",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/514503/100/0/threaded",
            },
            {
               name: "oval:org.mitre.oval:def:10277",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10277",
            },
            {
               name: "RHSA-2010:0145",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2010-0145.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705",
            },
            {
               name: "38869",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/38869",
            },
            {
               name: "ADV-2010-0729",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2010/0729",
            },
            {
               name: "FEDORA-2010-4306",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038149.html",
            },
            {
               name: "ADV-2010-0728",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2010/0728",
            },
            {
               name: "62950",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/62950",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2010-0624",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "RHSA-2010:0142",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2010-0142.html",
                  },
                  {
                     name: "FEDORA-2010-2895",
                     refsource: "FEDORA",
                     url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036668.html",
                  },
                  {
                     name: "MDVSA-2010:065",
                     refsource: "MANDRIVA",
                     url: "http://www.mandriva.com/security/advisories?name=MDVSA-2010:065",
                  },
                  {
                     name: "ADV-2010-1107",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2010/1107",
                  },
                  {
                     name: "RHSA-2010:0144",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2010-0144.html",
                  },
                  {
                     name: "ADV-2010-0629",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2010/0629",
                  },
                  {
                     name: "http://www.agrs.tu-berlin.de/index.php?id=78327",
                     refsource: "MISC",
                     url: "http://www.agrs.tu-berlin.de/index.php?id=78327",
                  },
                  {
                     name: "SUSE-SR:2010:011",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html",
                  },
                  {
                     name: "38988",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/38988",
                  },
                  {
                     name: "GLSA-201111-11",
                     refsource: "GENTOO",
                     url: "http://security.gentoo.org/glsa/glsa-201111-11.xml",
                  },
                  {
                     name: "FEDORA-2010-4309",
                     refsource: "FEDORA",
                     url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037395.html",
                  },
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=564368",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=564368",
                  },
                  {
                     name: "ADV-2010-0687",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2010/0687",
                  },
                  {
                     name: "ADV-2010-0639",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2010/0639",
                  },
                  {
                     name: "https://issues.rpath.com/browse/RPL-3219",
                     refsource: "CONFIRM",
                     url: "https://issues.rpath.com/browse/RPL-3219",
                  },
                  {
                     name: "oval:org.mitre.oval:def:6907",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6907",
                  },
                  {
                     name: "ADV-2010-0628",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2010/0628",
                  },
                  {
                     name: "RHSA-2010:0141",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2010-0141.html",
                  },
                  {
                     name: "FEDORA-2010-4321",
                     refsource: "FEDORA",
                     url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037401.html",
                  },
                  {
                     name: "USN-2456-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-2456-1",
                  },
                  {
                     name: "39008",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/39008",
                  },
                  {
                     name: "FEDORA-2010-4302",
                     refsource: "FEDORA",
                     url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038134.html",
                  },
                  {
                     name: "20101027 rPSA-2010-0070-1 cpio tar",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/514503/100/0/threaded",
                  },
                  {
                     name: "oval:org.mitre.oval:def:10277",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10277",
                  },
                  {
                     name: "RHSA-2010:0145",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2010-0145.html",
                  },
                  {
                     name: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691",
                     refsource: "CONFIRM",
                     url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691",
                  },
                  {
                     name: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705",
                     refsource: "CONFIRM",
                     url: "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705",
                  },
                  {
                     name: "38869",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/38869",
                  },
                  {
                     name: "ADV-2010-0729",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2010/0729",
                  },
                  {
                     name: "FEDORA-2010-4306",
                     refsource: "FEDORA",
                     url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/038149.html",
                  },
                  {
                     name: "ADV-2010-0728",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2010/0728",
                  },
                  {
                     name: "62950",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/62950",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2010-0624",
      datePublished: "2010-03-12T20:00:00",
      dateReserved: "2010-02-11T00:00:00",
      dateUpdated: "2024-08-07T00:52:19.781Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2014-9112 (GCVE-0-2014-9112)

Vulnerability from cvelistv5

Published

2014-12-02 16:00

Modified

2024-08-06 13:33

Severity ?

Summary

Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive.

References

▼	URL	Tags
	http://secunia.com/advisories/62145	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/60167	third-party-advisory, x_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/98918	vdb-entry, x_refsource_XF
	http://www.securityfocus.com/bid/71248	vdb-entry, x_refsource_BID
	http://seclists.org/fulldisclosure/2014/Nov/74	mailing-list, x_refsource_FULLDISC
	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html	x_refsource_CONFIRM
	https://savannah.gnu.org/bugs/?43709	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2014/11/25/2	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2014/11/26/20	mailing-list, x_refsource_MLIST
	http://www.ubuntu.com/usn/USN-2456-1	vendor-advisory, x_refsource_UBUNTU
	http://www.openwall.com/lists/oss-security/2014/11/23/2	mailing-list, x_refsource_MLIST
	http://www.debian.org/security/2014/dsa-3111	vendor-advisory, x_refsource_DEBIAN

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T13:33:13.652Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "62145",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/62145",
               },
               {
                  name: "60167",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/60167",
               },
               {
                  name: "linux-kernel-lesspipe-code-exec(98918)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/98918",
               },
               {
                  name: "71248",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/71248",
               },
               {
                  name: "20141123 on Linux, 'less' can probably get you owned",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2014/Nov/74",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://savannah.gnu.org/bugs/?43709",
               },
               {
                  name: "[oss-security] 20141125 CVE request: cpio heap-based buffer overflow [was Re: so, can we do something about lesspipe? (+ a cpio bug to back up the argument)]",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2014/11/25/2",
               },
               {
                  name: "[oss-security] 20141126 CVE request: cpio heap-based buffer overflow [was Re: so, can we do something about lesspipe? (+ a cpio bug to back up the argument)]",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2014/11/26/20",
               },
               {
                  name: "USN-2456-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2456-1",
               },
               {
                  name: "[oss-security] 20141123 so, can we do something about lesspipe? (+ a cpio bug to back up the argument)",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2014/11/23/2",
               },
               {
                  name: "DSA-3111",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2014/dsa-3111",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-11-23T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-09-07T15:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "62145",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/62145",
            },
            {
               name: "60167",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/60167",
            },
            {
               name: "linux-kernel-lesspipe-code-exec(98918)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/98918",
            },
            {
               name: "71248",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/71248",
            },
            {
               name: "20141123 on Linux, 'less' can probably get you owned",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2014/Nov/74",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://savannah.gnu.org/bugs/?43709",
            },
            {
               name: "[oss-security] 20141125 CVE request: cpio heap-based buffer overflow [was Re: so, can we do something about lesspipe? (+ a cpio bug to back up the argument)]",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2014/11/25/2",
            },
            {
               name: "[oss-security] 20141126 CVE request: cpio heap-based buffer overflow [was Re: so, can we do something about lesspipe? (+ a cpio bug to back up the argument)]",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2014/11/26/20",
            },
            {
               name: "USN-2456-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-2456-1",
            },
            {
               name: "[oss-security] 20141123 so, can we do something about lesspipe? (+ a cpio bug to back up the argument)",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2014/11/23/2",
            },
            {
               name: "DSA-3111",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2014/dsa-3111",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2014-9112",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "62145",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/62145",
                  },
                  {
                     name: "60167",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/60167",
                  },
                  {
                     name: "linux-kernel-lesspipe-code-exec(98918)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/98918",
                  },
                  {
                     name: "71248",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/71248",
                  },
                  {
                     name: "20141123 on Linux, 'less' can probably get you owned",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2014/Nov/74",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
                  },
                  {
                     name: "https://savannah.gnu.org/bugs/?43709",
                     refsource: "MISC",
                     url: "https://savannah.gnu.org/bugs/?43709",
                  },
                  {
                     name: "[oss-security] 20141125 CVE request: cpio heap-based buffer overflow [was Re: so, can we do something about lesspipe? (+ a cpio bug to back up the argument)]",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2014/11/25/2",
                  },
                  {
                     name: "[oss-security] 20141126 CVE request: cpio heap-based buffer overflow [was Re: so, can we do something about lesspipe? (+ a cpio bug to back up the argument)]",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2014/11/26/20",
                  },
                  {
                     name: "USN-2456-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-2456-1",
                  },
                  {
                     name: "[oss-security] 20141123 so, can we do something about lesspipe? (+ a cpio bug to back up the argument)",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2014/11/23/2",
                  },
                  {
                     name: "DSA-3111",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2014/dsa-3111",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2014-9112",
      datePublished: "2014-12-02T16:00:00",
      dateReserved: "2014-11-26T00:00:00",
      dateUpdated: "2024-08-06T13:33:13.652Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2016-2037 (GCVE-0-2016-2037)

Vulnerability from cvelistv5

Published

2016-02-22 15:05

Modified

2024-08-05 23:17

Severity ?

Summary

The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file.

References

▼	URL	Tags
	http://www.openwall.com/lists/oss-security/2016/01/19/4	mailing-list, x_refsource_MLIST
	http://www.securitytracker.com/id/1035067	vdb-entry, x_refsource_SECTRACK
	http://www.debian.org/security/2016/dsa-3483	vendor-advisory, x_refsource_DEBIAN
	http://www.openwall.com/lists/oss-security/2016/01/22/4	mailing-list, x_refsource_MLIST
	http://www.ubuntu.com/usn/USN-2906-1	vendor-advisory, x_refsource_UBUNTU
	http://www.securityfocus.com/bid/82293	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T23:17:50.061Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "[oss-security] 20160119 CVE request: out-of-bounds write with cpio 2.11",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2016/01/19/4",
               },
               {
                  name: "1035067",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1035067",
               },
               {
                  name: "DSA-3483",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2016/dsa-3483",
               },
               {
                  name: "[oss-security] 20160122 Re: CVE request: out-of-bounds write with cpio 2.11",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2016/01/22/4",
               },
               {
                  name: "USN-2906-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2906-1",
               },
               {
                  name: "82293",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/82293",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-01-19T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-12-02T20:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "[oss-security] 20160119 CVE request: out-of-bounds write with cpio 2.11",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2016/01/19/4",
            },
            {
               name: "1035067",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1035067",
            },
            {
               name: "DSA-3483",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2016/dsa-3483",
            },
            {
               name: "[oss-security] 20160122 Re: CVE request: out-of-bounds write with cpio 2.11",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2016/01/22/4",
            },
            {
               name: "USN-2906-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-2906-1",
            },
            {
               name: "82293",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/82293",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2016-2037",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "[oss-security] 20160119 CVE request: out-of-bounds write with cpio 2.11",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2016/01/19/4",
                  },
                  {
                     name: "1035067",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1035067",
                  },
                  {
                     name: "DSA-3483",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2016/dsa-3483",
                  },
                  {
                     name: "[oss-security] 20160122 Re: CVE request: out-of-bounds write with cpio 2.11",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2016/01/22/4",
                  },
                  {
                     name: "USN-2906-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-2906-1",
                  },
                  {
                     name: "82293",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/82293",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2016-2037",
      datePublished: "2016-02-22T15:05:00",
      dateReserved: "2016-01-22T00:00:00",
      dateUpdated: "2024-08-05T23:17:50.061Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

Vulnerability from csaf_opensuse

CVE-2010-0624 (GCVE-0-2010-0624)

Vulnerability from cvelistv5

CVE-2014-9112 (GCVE-0-2014-9112)

Vulnerability from cvelistv5

CVE-2016-2037 (GCVE-0-2016-2037)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature