oss-sec mailing list archives
Re: CVE request: out-of-bounds write with cpio 2.11
From: Gustavo Grieco <gustavo.grieco () gmail com>
Date: Tue, 19 Jan 2016 15:33:09 -0300
2016-01-19 15:24 GMT-03:00 Hanno Böck <hanno () hboeck de>:
On Tue, 19 Jan 2016 13:45:05 -0300 Gustavo Grieco <gustavo.grieco () gmail com> wrote:
An out-of-bounds write in cpio 2.11 was found in the parsing of cpio files (other versions are probably affected). Find attached a test case to reproduce it. The ASAN report is here:
Is this a duplicate of CVE-2014-9112? https://lists.gnu.org/archive/html/bug-cpio/2014-11/msg00007.html
I think it is not. I'm testing in Ubuntu 14.04 and CVE-2014-9112 seems to be fixed: http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9112.html
cpio is essentially unmaintained upstream.
I agree.
-- Hanno Böck http://hboeck.de/ mail/jabber: hanno () hboeck de GPG: BBB51E42