PT-2018-4889 · Partclone · Partclone
David Gnedt
·
Publicado
2018-05-02
·
Atualizado
2019-10-04
·
CVE-2016-10722
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Partclone versions prior to 0.2.88
Description
The issue is related to insufficient validation of the FAT superblock, which can lead to a heap-based buffer overflow. This is due to a problem in the
mark reserved sectors function. An attacker may be able to execute arbitrary code in the context of the user running the affected application.Recommendations
For versions prior to 0.2.88, update to version 0.2.88 or later to resolve the issue. As a temporary workaround, consider restricting the use of the
partclone.fat component until a patch is available.Exploit
Correção
Buffer Overflow
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Partclone