CVE-2010-0624

Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character.
Severity
UNKNOWN
AV:N/AC:M/Au:N/C:P/I:P/A:P
Atk. Vector
NETWORK
Atk. Complexity
MEDIUM
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
VendorProductVersion
gnucpio
𝑥
≤ 2.10
gnucpio
1.0
gnucpio
1.1
gnucpio
1.2
gnucpio
1.3
gnucpio
2.4-2
gnucpio
2.5
gnucpio
2.5.90
gnucpio
2.6
gnucpio
2.7
gnucpio
2.8
gnucpio
2.9
gnutar
𝑥
≤ 1.22
gnutar
1.13
gnutar
1.13.5
gnutar
1.13.11
gnutar
1.13.14
gnutar
1.13.16
gnutar
1.13.17
gnutar
1.13.18
gnutar
1.13.19
gnutar
1.13.25
gnutar
1.14
gnutar
1.14.1
gnutar
1.14.90
gnutar
1.15
gnutar
1.15.1
gnutar
1.15.90
gnutar
1.15.91
gnutar
1.16
gnutar
1.16.1
gnutar
1.17
gnutar
1.18
gnutar
1.19
gnutar
1.20
gnutar
1.21
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
cpio
bullseye
2.13+dfsg-7.1~deb11u1
fixed
bookworm
2.13+dfsg-7.1
fixed
sid
2.15+dfsg-2
fixed
trixie
2.15+dfsg-2
fixed
tar
bullseye
1.34+dfsg-1+deb11u1
fixed
bookworm
1.34+dfsg-1.2+deb12u1
fixed
sid
1.35+dfsg-3
fixed
trixie
1.35+dfsg-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
cpio
vivid
not-affected
utopic
not-affected
trusty
not-affected
saucy
not-affected
raring
not-affected
quantal
not-affected
precise
not-affected
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
Fixed 2.10-1ubuntu2.1
released
karmic
ignored
jaunty
ignored
intrepid
ignored
hardy
ignored
dapper
ignored
tar
vivid
not-affected
utopic
not-affected
trusty
not-affected
saucy
not-affected
raring
not-affected
quantal
not-affected
precise
not-affected
oneiric
not-affected
natty
not-affected
maverick
ignored
lucid
ignored
karmic
ignored
jaunty
ignored
intrepid
ignored
hardy
ignored
dapper
ignored
References