Buffer overflow in Gnu Cpio

CVE-2005-4268

Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a cpio archive, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a file whose size is represented by more than 8 digits.

Vulnerability class: Buffer Overflow

EPSS: 0.005 (41.3th percentile) — read the EPSS interpretation.

Affected products

Gnu Cpio — versions 2.6-8
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

secalert@redhat.com (x_refsource_SECUNIA, third-party-advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_SECUNIA, third-party-advisory)
secalert@redhat.com (vdb-entry, x_refsource_XF)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_SECUNIA, third-party-advisory)
secalert@redhat.com (x_refsource_OSVDB, vdb-entry)
secalert@redhat.com (vendor-advisory, x_refsource_MANDRIVA)
secalert@redhat.com (x_refsource_OVAL, signature, vdb-entry)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)