Your submission was sent successfully! Close

CVE-2015-8872

Published: 31 December 2015

The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an "off-by-two error."

Priority

Low

CVSS 3 base score: 6.2

Status

Package Release Status
dosfstools
Launchpad, Ubuntu, Debian
precise
Released (3.0.12-1ubuntu1.3)
trusty
Released (3.0.26-1ubuntu0.1)
upstream
Released (4.0-1)
wily
Released (3.0.28-1ubuntu0.1)
xenial
Released (3.0.28-2ubuntu0.1)
yakkety Not vulnerable
(4.0-2ubuntu1)
zesty Not vulnerable
(4.0-2ubuntu1)