CVE-2016-2037

Published: 22/02/2016 Updated: 06/12/2016
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote malicious users to cause a denial of service (out-of-bounds write) via a crafted cpio file.

Vulnerable Product

gnu cpio 2.11

debian debian linux 7.0

debian debian linux 8.0

Vendor Advisories

Several security issues were fixed in GNU cpio ...
Debian Bug report logs - #812401 cpio: CVE-2016-2037: out-of-bounds write Package: src:cpio; Maintainer for src:cpio is Anibal Monsalve Salazar <anibal@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sat, 23 Jan 2016 11:27:06 UTC Severity: important Tags: patch, security, upstream Found in v ...
Gustavo Grieco discovered an out-of-bounds write vulnerability in cpio, a tool for creating and extracting cpio archive files, leading to a denial of service (application crash). For the oldstable distribution (wheezy), this problem has been fixed in version 2.11+dfsg-0.1+deb7u2. For the stable distribution (jessie), this problem has been fixed in ...
The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file ...