Integer Overflow Vulnerability in GNU cpio Affects Arbitrary Code Execution
CVE-2021-38185

7.8HIGH

Key Information:

Vendor: Gnu
Status: Cpio
Vendor: CVE Published:; 8 August 2021

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 21%

Summary

The GNU cpio product version 2.13 is vulnerable to an integer overflow that allows attackers to execute arbitrary code via a specially crafted pattern file. The issue stems from the ds_fgetstr function within the dstring.c file, which can lead to an out-of-bounds write in the heap memory, potentially compromising the security of the system. It remains unclear whether the pattern file is always considered untrusted data, opening avenues for exploitation under certain conditions.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

cpiopwn
Created by fangqyi

References

https://github.com/fangqyi/cpiopwn

https://lists.gnu.org/archive/html/bug-cpio/2021-08/msg00...

EPSS Score

21% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 8, 2021
Vulnerability Reserved
Aug 7, 2021
🟡
Public PoC available
Jul 19, 2021
👾
Exploit known to exist
Jul 19, 2021