CVE-2021-38185 - OpenCVE

GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is untrusted data.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Gnu	Cpio

Configuration 1 [-]

cpe:2.3:a:gnu:cpio:*:*:*:*:*:*:*:*

References

Link	Resource
https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=dd96882877721703e19272fe25034560b794061b	Patch Third Party Advisory
https://github.com/fangqyi/cpiopwn	Exploit Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/06/msg00007.html
https://lists.gnu.org/archive/html/bug-cpio/2021-08/msg00000.html	Exploit Mailing List Vendor Advisory
https://lists.gnu.org/archive/html/bug-cpio/2021-08/msg00002.html	Exploit Mailing List Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-08-07T00:00:00

Updated: 2023-06-04T00:00:00

Reserved: 2021-08-07T00:00:00

Link: CVE-2021-38185

JSON object: View

NVD Information

Status : Modified

Published: 2021-08-08T00:15:07.027

Modified: 2023-06-04T22:15:22.327

Link: CVE-2021-38185

JSON object: View

Redhat Information

No data.

CWE

CWE-190

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:cpio:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A33B0EB-9D43-46C7-8F49-7BC8B11E83E4", "versionEndIncluding": "2.13", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is untrusted data."}, {"lang": "es", "value": "GNU cpio versiones hasta 2.13, permite a atacantes ejecutar c\u00f3digo arbitrario por medio de un archivo de patrones dise\u00f1ado, debido a un desbordamiento de enteros en el archivo dstring.c en la funci\u00f3n ds_fgetstr que desencadena una escritura de pila fuera de l\u00edmites. NOTA: no est\u00e1 claro si hay casos comunes en los que el archivo de patrones, asociado con la opci\u00f3n -E, son datos no confiables"}], "id": "CVE-2021-38185", "lastModified": "2023-06-04T22:15:22.327", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-08-08T00:15:07.027", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=dd96882877721703e19272fe25034560b794061b"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/fangqyi/cpiopwn"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00007.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Vendor Advisory"], "url": "https://lists.gnu.org/archive/html/bug-cpio/2021-08/msg00000.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Vendor Advisory"], "url": "https://lists.gnu.org/archive/html/bug-cpio/2021-08/msg00002.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}