CVE-2010-0624
Description
Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character.
Risk Information
Base Score: 10.0 (MODERATE)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 1.474
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2001-1267,CVE-2002-1216,CVE-2007-4131,CVE-2010-0624 are affected in GNU Tar 1.13.19 | Windows |
| Multiple Vulnerabilities are affected in GNU Tar 1.13.25 | Windows |
| Multiple Vulnerabilities are affected in GNU Tar 1.15.1 | Windows |
| Vulnerabilities CVE-2006-0300,CVE-2007-4131,CVE-2010-0624,CVE-2016-6321 are affected in GNU Tar 1.14 | Windows |
| Vulnerabilities CVE-2006-0300,CVE-2010-0624 are affected in GNU Tar 1.14.1 | Windows |
| Vulnerabilities CVE-2006-0300,CVE-2007-4131,CVE-2010-0624,CVE-2016-6321 are affected in GNU Tar 1.15 | Windows |
| Vulnerabilities CVE-2006-0300,CVE-2007-4131,CVE-2010-0624,CVE-2016-6321 are affected in GNU Tar 1.15.90 | Windows |
| Vulnerabilities CVE-2006-6097,CVE-2007-4131,CVE-2010-0624,CVE-2016-6321 are affected in GNU Tar 1.16 | Windows |
| Vulnerabilities CVE-2007-4131,CVE-2010-0624 are affected in GNU Tar 1.13 | Windows |
| Vulnerabilities CVE-2007-4131,CVE-2010-0624 are affected in GNU Tar 1.13.11 | Windows |
| Vulnerabilities CVE-2007-4131,CVE-2010-0624 are affected in GNU Tar 1.13.14 | Windows |
| Vulnerabilities CVE-2007-4131,CVE-2010-0624 are affected in GNU Tar 1.13.16 | Windows |
| Vulnerabilities CVE-2007-4131,CVE-2010-0624 are affected in GNU Tar 1.13.17 | Windows |
| Vulnerabilities CVE-2007-4131,CVE-2010-0624 are affected in GNU Tar 1.13.18 | Windows |
| Vulnerabilities CVE-2007-4131,CVE-2010-0624 are affected in GNU Tar 1.13.5 | Windows |
| Vulnerabilities CVE-2007-4131,CVE-2010-0624 are affected in GNU Tar 1.14.90 | Windows |
| Vulnerabilities CVE-2007-4131,CVE-2010-0624,CVE-2016-6321 are affected in GNU Tar 1.15.91 | Windows |
| Vulnerabilities CVE-2010-0624,CVE-2016-6321 are affected in GNU Tar 1.16.1 | Windows |
| Vulnerabilities CVE-2010-0624,CVE-2016-6321 are affected in GNU Tar 1.17 | Windows |
| Vulnerabilities CVE-2010-0624,CVE-2016-6321 are affected in GNU Tar 1.18 | Windows |
| Vulnerabilities CVE-2010-0624,CVE-2016-6321 are affected in GNU Tar 1.19 | Windows |
| Vulnerabilities CVE-2010-0624,CVE-2016-6321 are affected in GNU Tar 1.20 | Windows |
| Vulnerabilities CVE-2010-0624,CVE-2016-6321 are affected in GNU Tar 1.21 | Windows |
| Vulnerabilities CVE-2010-0624,CVE-2016-6321 are affected in GNU Tar 1.22 | Windows |
| (RHSA-2010:0141) Moderate: tar security update tar-1.15.1-23.0.1.el5_4.2.i386.rpm | Linux |
| (RHSA-2010:0141) Moderate: tar security update tar-1.15.1-23.0.1.el5_4.2.x86_64.rpm | Linux |
| (RHSA-2010:0144) Moderate: cpio security update cpio-2.6-23.el5_4.1.i386.rpm | Linux |
| (RHSA-2010:0144) Moderate: cpio security update cpio-2.6-23.el5_4.1.x86_64.rpm | Linux |
| Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2010-0624) | NCM |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234