GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is untrusted data.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-08-07T00:00:00
Updated: 2024-08-04T01:37:16.303Z
Reserved: 2021-08-07T00:00:00
Link: CVE-2021-38185
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-08-08T00:15:07.027
Modified: 2023-06-04T22:15:22.327
Link: CVE-2021-38185
Redhat