Heap-based Buffer Overflow in GNU Cpio Affects Remote Operations
CVE-2014-9112

Currently unrated

Key Information:

Vendor: Gnu
Status: Cpio
Vendor: CVE Published:; 2 December 2014

Summary

The heap-based buffer overflow vulnerability in GNU Cpio version 2.11 arises from improper handling of a large block value during the execution of the process_copy_in function. This issue allows remote attackers to exploit the vulnerability, potentially leading to a denial of service condition. It poses significant risks to systems processing cpio archives, as attackers can craft malicious archives to trigger this exploitation, disrupt service, and compromise the integrity of operations relying on GNU Cpio.

References

http://secunia.com/advisories/62145

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/60167

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/98918

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Dec 2, 2014
Vulnerability Reserved
Nov 26, 2014