[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

255116

 
 

909

 
 

198683

 
 

282

Paid content will be excluded from the download.


Download | Alert*
OVAL

ALAS2023-2023-021 --- cpio

ID: oval:org.secpod.oval:def:19500154Date: (C)2023-06-12   (M)2023-06-12
Class: PATCHFamily: unix




GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is untrusted data

Platform:
Amazon Linux 2023
Product:
cpio
Reference:
ALAS2023-2023-021
CVE-2021-38185
CVE    1
CVE-2021-38185
CPE    1
cpe:/a:gnu:cpio

© SecPod Technologies