Hardlink prior to 0.1.2 has multiple integer overflows leading to heap-based buffer overflows because of the way string lengths concatenation is done in the calculation of the required memory space to be used. A remote attacker could provide a specially-crafted directory tree and trick the local user into consolidating it, leading to hardlink executable crash or potentially arbitrary code execution with user privileges.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
hardlink project hardlink |
||
debian debian linux 8.0 |
||
debian debian linux 9.0 |
||
debian debian linux 10.0 |
||
redhat enterprise linux 5.0 |
||
redhat enterprise linux 6.0 |