8.8

CVE-2011-3630

Hardlink before 0.1.2 suffer from multiple stack-based buffer overflow flaws because of the way directory trees with deeply nested directories are processed. A remote attacker could provide a specially-crafted directory tree, and trick the local user into consolidating it, leading to hardlink executable crash, or, potentially arbitrary code execution with the privileges of the user running the hardlink executable.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Hardlink ProjectHardlink Version < 0.1.2
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
RedhatEnterprise Linux Version5.0
RedhatEnterprise Linux Version6.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.66% 0.837
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://access.redhat.com/security/cve/cve-2011-3630
Third Party Advisory
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=645516
Third Party Advisory
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3630
Patch
Third Party Advisory
Issue Tracking
https://security-tracker.debian.org/tracker/CVE-2011-3630
Third Party Advisory
https://www.openwall.com/lists/oss-security/2011/10/20/6
Third Party Advisory
Mailing List