CVE
CVE-2021-38185
| CVE ID |
CVE-2021-38185
|
|---|---|
| CVSS Score |
7.8
|
| Operating System | |
| Affected Versions |
CentOS 7
|
| Patched Versions |
cpio-2.11-28_ol003.el7
|
| Patch Date |
|
| Last Updated Date | |
| Vector String |
Additional Information
OL CVE Issue Summary:
CVE-2021-38185 is a critical integer overflow vulnerability in GNU's cpio(versions up to 2.13). The flaw exists in dstring.c:ds_fgetstr().
The vulnerability is triggered when cpio processes a maliciously crafted pattern file via the -E option. The integer overflow occurs during memory allocation for a string, leading to an out-of-bounds heapwrite, which can be leveraged for arbitrary code execution.