Heap-based Buffer Overflow in GNU Tar and GNU Cpio
CVE-2010-0624

Currently unrated

Key Information:

Vendor
Gnu
Status
Vendor
CVE Published:
15 March 2010

Summary

The vulnerability exists in the rmt_read__ function of lib/rtapelib.c within the rmt client functionality of GNU Tar and GNU Cpio. By exploiting this flaw, remote rmt servers can send excessive data beyond what was requested, potentially leading to denial of service due to memory corruption or the possibility of executing arbitrary code. Notably, this issue is associated with archive filenames that include a colon (:) character, which can trigger the overflow.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.