Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar prior to 1.23 and GNU cpio prior to 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gnu tar 1.13.16 |
||
gnu tar 1.13.17 |
||
gnu tar 1.14.90 |
||
gnu tar 1.15 |
||
gnu tar 1.18 |
||
gnu tar 1.17 |
||
gnu cpio 2.5 |
||
gnu cpio 2.5.90 |
||
gnu tar 1.13.11 |
||
gnu tar 1.13.14 |
||
gnu tar 1.14 |
||
gnu tar 1.14.1 |
||
gnu tar 1.20 |
||
gnu tar 1.19 |
||
gnu cpio 1.3 |
||
gnu cpio 2.4-2 |
||
gnu tar |
||
gnu cpio |
||
gnu tar 1.13.18 |
||
gnu tar 1.13.19 |
||
gnu tar 1.15.1 |
||
gnu tar 1.15.90 |
||
gnu tar 1.16.1 |
||
gnu cpio 1.0 |
||
gnu cpio 2.6 |
||
gnu cpio 2.9 |
||
gnu tar 1.13 |
||
gnu tar 1.13.25 |
||
gnu tar 1.13.5 |
||
gnu tar 1.15.91 |
||
gnu tar 1.16 |
||
gnu tar 1.21 |
||
gnu cpio 1.1 |
||
gnu cpio 1.2 |
||
gnu cpio 2.8 |
||
gnu cpio 2.7 |