CVE-2021-38185
08.08.2021, 00:15
GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is untrusted data.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| gnu | cpio | 𝑥 ≤ 2.13 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| cpio |
|
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| cpio |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| cpio-lang |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| cpio-mt |
|
References