buildroot

godotengine/buildroot

Fork 0

mirror of https://github.com/godotengine/buildroot.git synced 2026-01-22 12:51:25 +03:00

Commit Graph

Author	SHA1	Message	Date
Fabrice Fontaine	89857df2d1	package/cpio: fix CVE-2021-38185 GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is untrusted data. Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>	2021-08-20 10:08:22 +02:00

Author

SHA1

Message

Date

Fabrice Fontaine

89857df2d1

package/cpio: fix CVE-2021-38185

GNU cpio through 2.13 allows attackers to execute arbitrary code via a
crafted pattern file, because of a dstring.c ds_fgetstr integer overflow
that triggers an out-of-bounds heap write. NOTE: it is unclear whether
there are common cases where the pattern file, associated with the -E
option, is untrusted data.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

2021-08-20 10:08:22 +02:00

1 Commits