CVE-2010-0624

Severity: Unknown | EPSS: 4.75%

CVE-2010-0624 is a vulnerability of currently unknown severity. Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character. EPSS estimates a 4.75% chance of exploitation in the next 30 days.

Description

Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character.

Metrics

EPSS Probability: 4.75% (90.7th percentile)

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor  Product  Versions
Gnu     Cpio     <= 2.10
Gnu     Cpio     1.0
Gnu     Cpio     1.1
Gnu     Cpio     1.2
Gnu     Cpio     1.3
Gnu     Cpio     2.4-2
Gnu     Cpio     2.5
Gnu     Cpio     2.5.90
Gnu     Cpio     2.6
Gnu     Cpio     2.7
Gnu     Cpio     2.8
Gnu     Cpio     2.9
Gnu     Tar      <= 1.22
Gnu     Tar      1.13
Gnu     Tar      1.13.5
Gnu     Tar      1.13.11
Gnu     Tar      1.13.14
Gnu     Tar      1.13.16
Gnu     Tar      1.13.17
Gnu     Tar      1.13.18
Gnu     Tar      1.13.19
Gnu     Tar      1.13.25
Gnu     Tar      1.14
Gnu     Tar      1.14.1
Gnu     Tar      1.14.90
Gnu     Tar      1.15
Gnu     Tar      1.15.1
Gnu     Tar      1.15.90
Gnu     Tar      1.15.91
Gnu     Tar      1.16
Gnu     Tar      1.16.1
Gnu     Tar      1.17
Gnu     Tar      1.18
Gnu     Tar      1.19
Gnu     Tar      1.20
Gnu     Tar      1.21

References

Timeline

Status: Modified

Frequently Asked Questions

What is CVE-2010-0624?
Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character.
How severe is CVE-2010-0624?
Severity scoring for CVE-2010-0624 is pending analysis. The EPSS model estimates a 4.75% probability of exploitation in the next 30 days.
How do I fix CVE-2010-0624?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST