
CVE-2010-0624

Published: 15 March 2010

Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character.

Priority

Low

Status

Package   Release    Status

cpio (Launchpad, Ubuntu, Debian)
          dapper     Ignored (reached end-of-life)
          hardy      Ignored (reached end-of-life)
          intrepid   Needed (reached end-of-life)
          jaunty     Ignored (reached end-of-life)
          karmic     Ignored (reached end-of-life)
          lucid      Released (2.10-1ubuntu2.1)
          maverick   Not vulnerable (2.11-4ubuntu1)
          natty      Not vulnerable (2.11-4ubuntu1)
          oneiric    Not vulnerable (2.11-4ubuntu1)
          precise    Not vulnerable (2.11-4ubuntu1)
          quantal    Not vulnerable (2.11-4ubuntu1)
          raring     Not vulnerable (2.11-4ubuntu1)
          saucy      Not vulnerable (2.11-4ubuntu1)
          trusty     Not vulnerable (2.11-4ubuntu1)
          upstream   Needed
          utopic     Not vulnerable (2.11-4ubuntu1)
          vivid      Not vulnerable (2.11-4ubuntu1)

tar (Launchpad, Ubuntu, Debian)
          dapper     Ignored (reached end-of-life)
          hardy      Ignored (reached end-of-life)
          intrepid   Needed (reached end-of-life)
          jaunty     Ignored (reached end-of-life)
          karmic     Ignored (reached end-of-life)
          lucid      Ignored (reached end-of-life)
          maverick   Ignored (reached end-of-life)
          natty      Not vulnerable (1.23-3)
          oneiric    Not vulnerable (1.23-3)
          precise    Not vulnerable (1.23-3)
          quantal    Not vulnerable (1.23-3)
          raring     Not vulnerable (1.23-3)
          saucy      Not vulnerable (1.23-3)
          trusty     Not vulnerable (1.23-3)
          upstream   Needed
          utopic     Not vulnerable (1.23-3)
          vivid      Not vulnerable (1.23-3)