Heap-based Buffer Overflow in GNU Cpio Affects Remote Operations
CVE-2014-9112

Currently unrated

Key Information:

Vendor: Gnu
Status
Vendor
CVE Published: 2 December 2014

Summary

A heap-based buffer overflow in GNU Cpio version 2.11 arises from improper handling of a large block value in the process_copy_in function. A remote attacker can trigger it with a crafted cpio archive, potentially causing a denial of service. Systems that process cpio archives are at significant risk, because an attacker can craft a malicious archive that triggers the overflow, disrupts service, and compromises the integrity of operations that rely on GNU Cpio.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
