CVE-2010-0624

Name of the Vulnerable Software and Affected Versions tar versions prior to 1.23 GNU cpio versions prior to 2.11

Description The issue is related to a heap-based buffer overflow in the rmt read function in lib/rtapelib.c in the rmt client functionality. This can be exploited by remote rmt servers, allowing them to cause a denial of service or possibly execute arbitrary code by sending more data than was requested, particularly with archive filenames containing a colon character. The vulnerability can lead to a disruption of confidentiality, integrity, and availability of protected information and can be exploited remotely.

Recommendations For tar versions prior to 1.23, update to version 1.23 or later to resolve the issue. For GNU cpio versions prior to 2.11, update to version 2.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the rmt client functionality until a patch is available. Avoid using archive filenames that contain a colon character in the affected API endpoint until the issue is resolved.