oss-sec mailing list archives
Re: CVE request: out-of-bounds write with cpio 2.11
From: Hanno Böck <hanno () hboeck de>
Date: Tue, 19 Jan 2016 19:24:12 +0100
On Tue, 19 Jan 2016 13:45:05 -0300 Gustavo Grieco <gustavo.grieco () gmail com> wrote:
An out-of-bounds write in cpio 2.11 was found in the parsing of cpio files (other version are probably affected). Find attached a test case to reproduce it. The ASAN report is here:
Is this a duplicate of CVE-2014-9112? https://lists.gnu.org/archive/html/bug-cpio/2014-11/msg00007.html cpio is esentially unmaintained upstream. -- Hanno Böck http://hboeck.de/ mail/jabber: hanno () hboeck de GPG: BBB51E42
Attachment:
_bin
Description: OpenPGP digital signature
Current thread:
- CVE request: out-of-bounds write with cpio 2.11 Gustavo Grieco (Jan 19)
- Re: CVE request: out-of-bounds write with cpio 2.11 Hanno Böck (Jan 19)
- Re: CVE request: out-of-bounds write with cpio 2.11 Gustavo Grieco (Jan 19)
- Re: CVE request: out-of-bounds write with cpio 2.11 cve-assign (Jan 22)
- Re: CVE request: out-of-bounds write with cpio 2.11 anarcat (Jan 29)
- Re: Re: CVE request: out-of-bounds write with cpio 2.11 Gustavo Grieco (Jan 29)
- Re: CVE request: out-of-bounds write with cpio 2.11 Gustavo Grieco (Feb 12)
- Re: CVE request: out-of-bounds write with cpio 2.11 Hanno Böck (Jan 19)