Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character.
Software | From | Fixed in |
---|---|---|
gnu / tar | - | 1.22.x |
gnu / tar | 1.13 | 1.13.x |
gnu / tar | 1.13.11 | 1.13.11.x |
gnu / tar | 1.13.14 | 1.13.14.x |
gnu / tar | 1.13.16 | 1.13.16.x |
gnu / tar | 1.13.17 | 1.13.17.x |
gnu / tar | 1.13.18 | 1.13.18.x |
gnu / tar | 1.13.19 | 1.13.19.x |
gnu / tar | 1.13.25 | 1.13.25.x |
gnu / tar | 1.13.5 | 1.13.5.x |
gnu / tar | 1.14 | 1.14.x |
gnu / tar | 1.14.1 | 1.14.1.x |
gnu / tar | 1.14.90 | 1.14.90.x |
gnu / tar | 1.15 | 1.15.x |
gnu / tar | 1.15.1 | 1.15.1.x |
gnu / tar | 1.15.90 | 1.15.90.x |
gnu / tar | 1.15.91 | 1.15.91.x |
gnu / tar | 1.16 | 1.16.x |
gnu / tar | 1.16.1 | 1.16.1.x |
gnu / tar | 1.17 | 1.17.x |
gnu / tar | 1.18 | 1.18.x |
gnu / tar | 1.19 | 1.19.x |
gnu / tar | 1.20 | 1.20.x |
gnu / tar | 1.21 | 1.21.x |
gnu / cpio | - | 2.10.x |
gnu / cpio | 1.0 | 1.0.x |
gnu / cpio | 1.1 | 1.1.x |
gnu / cpio | 1.2 | 1.2.x |
gnu / cpio | 1.3 | 1.3.x |
gnu / cpio | 2.4-2 | 2.4-2.x |
gnu / cpio | 2.5 | 2.5.x |
gnu / cpio | 2.5.90 | 2.5.90.x |
gnu / cpio | 2.6 | 2.6.x |
gnu / cpio | 2.7 | 2.7.x |
gnu / cpio | 2.8 | 2.8.x |
gnu / cpio | 2.9 | 2.9.x |
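
The bounds check that the description turns on (a server returning more data than the client requested), shown as an added example; this is not code from GNU tar or cpio. It models an rmt read reply in memory, using the `A<count>\n<data>` success form from the rmt protocol; `rmt_read_checked` and the sample replies are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical helper, not the GNU source. reply/reply_len hold the bytes a
   server sent in answer to a read of `requested` bytes: "A<count>\n<data>".
   Returns the number of bytes copied into buf, or -1 if the reply is rejected. */
ssize_t rmt_read_checked(const char *reply, size_t reply_len,
                         char *buf, size_t requested)
{
    if (reply_len < 3 || reply[0] != 'A')
        return -1;                        /* not a success status line */
    const char *nl = memchr(reply, '\n', reply_len);
    if (nl == NULL || nl == reply + 1)
        return -1;                        /* no terminator or empty count */

    /* The count is server-controlled: parse digits only, reject overflow. */
    size_t count = 0;
    for (const char *p = reply + 1; p < nl; p++) {
        if (*p < '0' || *p > '9' || count > (SIZE_MAX - 9) / 10)
            return -1;
        count = count * 10 + (size_t)(*p - '0');
    }

    /* The bound the description is about: never accept more than was asked
       for. Without this test the memcpy below writes past the end of buf. */
    if (count > requested)
        return -1;

    size_t avail = reply_len - (size_t)(nl + 1 - reply);
    if (count > avail)
        return -1;                        /* payload shorter than claimed */
    memcpy(buf, nl + 1, count);
    return (ssize_t)count;
}

int main(void)
{
    char buf[8];
    /* Constructed sample replies, not captured traffic. */
    const char honest[] = "A5\nhello";
    const char oversized[] = "A16\nAAAAAAAAAAAAAAAA";
    printf("honest:    %zd\n", rmt_read_checked(honest, sizeof honest - 1, buf, sizeof buf));
    printf("oversized: %zd\n", rmt_read_checked(oversized, sizeof oversized - 1, buf, sizeof buf));
    return 0;
}
```

The same rule applies to any length-prefixed reply from a remote peer: the caller's buffer size, not the peer's stated length, bounds the copy.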