CVE-2014-9112

Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
Affected Products (NVD)
VendorProductVersion
gnucpio
2.11
debiandebian_linux
7.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
cpio
bookworm
2.13+dfsg-7.1
fixed
bullseye
2.13+dfsg-7.1~deb11u1
fixed
sid
2.15+dfsg-2
fixed
trixie
2.15+dfsg-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
cpio
lucid
Fixed 2.10-1ubuntu2.1
released
precise
Fixed 2.11-7ubuntu3.1
released
trusty
Fixed 2.11+dfsg-1ubuntu1.1
released
utopic
Fixed 2.11+dfsg-2ubuntu1.1
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
cpio
suse enterprise desktop 15
2.12-1.439
fixed
suse enterprise desktop 15 SP1
2.12-1.439
fixed
suse enterprise desktop 15 SP2
2.12-3.3.1
fixed
suse enterprise desktop 15 SP3
2.12-3.3.1
fixed
suse enterprise desktop 15 SP4
2.13-150400.1.98
fixed
suse enterprise desktop 15 SP5
2.13-150400.1.98
fixed
suse enterprise desktop 15 SP6
2.13-150400.3.6.1
fixed
suse enterprise desktop 15 SP7
2.13-150400.3.6.1
fixed
suse enterprise sap 12
2.11-29.1
fixed
suse enterprise sap 12 SP5
2.11-36.3.4
fixed
suse enterprise sap 15
2.12-1.439
fixed
suse enterprise sap 15 SP1
2.12-1.439
fixed
suse enterprise sap 15 SP2
2.12-3.3.1
fixed
suse enterprise sap 15 SP3
2.12-3.3.1
fixed
suse enterprise sap 15 SP4
2.13-150400.1.98
fixed
suse enterprise sap 15 SP5
2.13-150400.1.98
fixed
suse enterprise sap 15 SP6
2.13-150400.3.6.1
fixed
suse enterprise sap 15 SP7
2.13-150400.3.6.1
fixed
suse enterprise server 12
2.11-29.1
fixed
suse enterprise server 12 SP1
2.11-29.1
fixed
suse enterprise server 12 SP2
2.11-29.1
fixed
suse enterprise server 12 SP4
2.11-36.3.4
fixed
suse enterprise server 12 SP5
2.11-36.3.4
fixed
suse enterprise server 15
2.12-1.439
fixed
suse enterprise server 15 SP1
2.12-1.439
fixed
suse enterprise server 15 SP2
2.12-3.3.1
fixed
suse enterprise server 15 SP3
2.12-3.3.1
fixed
suse enterprise server 15 SP4
2.13-150400.1.98
fixed
suse enterprise server 15 SP5
2.13-150400.1.98
fixed
suse enterprise server 15 SP6
2.13-150400.3.6.1
fixed
suse enterprise server 15 SP7
2.13-150400.3.6.1
fixed
cpio-lang
suse enterprise desktop 15
2.12-1.439
fixed
suse enterprise desktop 15 SP1
2.12-1.439
fixed
suse enterprise desktop 15 SP2
2.12-3.3.1
fixed
suse enterprise desktop 15 SP3
2.12-3.3.1
fixed
suse enterprise desktop 15 SP4
2.13-150400.1.98
fixed
suse enterprise desktop 15 SP5
2.13-150400.1.98
fixed
suse enterprise desktop 15 SP6
2.13-150400.3.6.1
fixed
suse enterprise desktop 15 SP7
2.13-150400.3.6.1
fixed
suse enterprise sap 12
2.11-29.1
fixed
suse enterprise sap 12 SP5
2.11-36.3.4
fixed
suse enterprise sap 15
2.12-1.439
fixed
suse enterprise sap 15 SP1
2.12-1.439
fixed
suse enterprise sap 15 SP2
2.12-3.3.1
fixed
suse enterprise sap 15 SP3
2.12-3.3.1
fixed
suse enterprise sap 15 SP4
2.13-150400.1.98
fixed
suse enterprise sap 15 SP5
2.13-150400.1.98
fixed
suse enterprise sap 15 SP6
2.13-150400.3.6.1
fixed
suse enterprise sap 15 SP7
2.13-150400.3.6.1
fixed
suse enterprise server 12
2.11-29.1
fixed
suse enterprise server 12 SP1
2.11-29.1
fixed
suse enterprise server 12 SP2
2.11-29.1
fixed
suse enterprise server 12 SP4
2.11-36.3.4
fixed
suse enterprise server 12 SP5
2.11-36.3.4
fixed
suse enterprise server 15
2.12-1.439
fixed
suse enterprise server 15 SP1
2.12-1.439
fixed
suse enterprise server 15 SP2
2.12-3.3.1
fixed
suse enterprise server 15 SP3
2.12-3.3.1
fixed
suse enterprise server 15 SP4
2.13-150400.1.98
fixed
suse enterprise server 15 SP5
2.13-150400.1.98
fixed
suse enterprise server 15 SP6
2.13-150400.3.6.1
fixed
suse enterprise server 15 SP7
2.13-150400.3.6.1
fixed
cpio-mt
suse enterprise desktop 15
2.12-1.439
fixed
suse enterprise desktop 15 SP1
2.12-1.439
fixed
suse enterprise desktop 15 SP2
2.12-3.3.1
fixed
suse enterprise desktop 15 SP3
2.12-3.3.1
fixed
suse enterprise desktop 15 SP4
2.13-150400.1.98
fixed
suse enterprise desktop 15 SP5
2.13-150400.1.98
fixed
suse enterprise desktop 15 SP6
2.13-150400.3.6.1
fixed
suse enterprise desktop 15 SP7
2.13-150400.3.6.1
fixed
suse enterprise sap 15
2.12-1.439
fixed
suse enterprise sap 15 SP1
2.12-1.439
fixed
suse enterprise sap 15 SP2
2.12-3.3.1
fixed
suse enterprise sap 15 SP3
2.12-3.3.1
fixed
suse enterprise sap 15 SP4
2.13-150400.1.98
fixed
suse enterprise sap 15 SP5
2.13-150400.1.98
fixed
suse enterprise sap 15 SP6
2.13-150400.3.6.1
fixed
suse enterprise sap 15 SP7
2.13-150400.3.6.1
fixed
suse enterprise server 15
2.12-1.439
fixed
suse enterprise server 15 SP1
2.12-1.439
fixed
suse enterprise server 15 SP2
2.12-3.3.1
fixed
suse enterprise server 15 SP3
2.12-3.3.1
fixed
suse enterprise server 15 SP4
2.13-150400.1.98
fixed
suse enterprise server 15 SP5
2.13-150400.1.98
fixed
suse enterprise server 15 SP6
2.13-150400.3.6.1
fixed
suse enterprise server 15 SP7
2.13-150400.3.6.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
cpio
RHEL 7
0:2.11-24.el7
fixed
Common Weakness Enumeration
References
http://seclists.org/fulldisclosure/2014/Nov/74
http://secunia.com/advisories/60167
http://secunia.com/advisories/62145
http://www.debian.org/security/2014/dsa-3111
http://www.openwall.com/lists/oss-security/2014/11/23/2
http://www.openwall.com/lists/oss-security/2014/11/25/2
http://www.openwall.com/lists/oss-security/2014/11/26/20
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/71248
http://www.ubuntu.com/usn/USN-2456-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/98918
https://savannah.gnu.org/bugs/?43709
http://seclists.org/fulldisclosure/2014/Nov/74
http://secunia.com/advisories/60167
http://secunia.com/advisories/62145
http://www.debian.org/security/2014/dsa-3111
http://www.openwall.com/lists/oss-security/2014/11/23/2
http://www.openwall.com/lists/oss-security/2014/11/25/2
http://www.openwall.com/lists/oss-security/2014/11/26/20
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/71248
http://www.ubuntu.com/usn/USN-2456-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/98918
https://savannah.gnu.org/bugs/?43709