CVE-2011-3631

Name of the Vulnerable Software and Affected Versions Hardlink versions prior to 0.1.2

Description The issue arises from multiple integer overflows that lead to heap-based buffer overflows due to the way string lengths are concatenated in the calculation of the required memory space. A remote attacker could provide a specially-crafted directory tree and trick the local user into consolidating it, potentially leading to a hardlink executable crash or arbitrary code execution with user privileges.

Recommendations For versions prior to 0.1.2, update to version 0.1.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of hardlink to prevent consolidation of potentially malicious directory trees until a patch is applied.