PT-2012-5151 · Philip Blundell+1 · Squashfs+1

Sebas Sujeen

Publicado

2012-07-19

Atualizado

2024-06-15

CVE-2012-4024

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Squashfs versions 4.2 and earlier

Description The issue is related to a stack-based buffer overflow in the get component function in unsquashfs.c. This can be exploited by remote attackers to execute arbitrary code via a crafted list file, which is used with the -ef option. Typically, the list file is constructed by the program's user and is trusted, but there are scenarios where such a file could be obtained from an untrusted remote source.

Recommendations For Squashfs versions 4.2 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787

Identificadores relacionados

ALT-PU-2014-1701

CVE-2012-4024

OPENSUSE-SU-2024:10201-1

Produtos afetados

Alt Linux

Squashfs

PT-2012-5151 · Philip Blundell+1 · Squashfs+1

CVE-2012-4024

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 19