Lucene search

MitreCVE-2012-4024

HistoryJul 19, 2012 - 7:55 p.m.

CVE-2012-4024

2012-07-1919:55:02

CWE-787

mitre

web.nvd.nist.gov

cve-2012-4024

stack-based buffer overflow

unsquashfs.c

squashfs 4.2

remote attackers

arbitrary code

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.9

Confidence

Low

EPSS

0.032

Percentile

91.2%

JSON

Stack-based buffer overflow in the get_component function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file (aka a crafted file for the -ef option). NOTE: probably in most cases, the list file is a trusted file constructed by the program’s user; however, there are some realistic situations in which a list file would be obtained from an untrusted remote source.

Affected configurations

Nvd

Node

squashfs_projectsquashfsRange≤4.2

VendorProductVersionCPE
squashfs_projectsquashfs*cpe:2.3:a:squashfs_project:squashfs:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
squashfs_project	squashfs	*	cpe:2.3:a:squashfs_project:squashfs::::::::

References

sourceforge.net/mailarchive/forum.php?thread_name=CAAoG81HL9oP8roPLLhftTSXTzSD%2BZcR66PRkVU%3Df76W3Mjde_w%40mail.gmail.com&forum_name=squashfs-devel

www.mandriva.com/security/advisories?name=MDVSA-2013:128

www.openwall.com/lists/oss-security/2012/07/19/6

www.osvdb.org/83898

www.securityfocus.com/bid/54610

exchange.xforce.ibmcloud.com/vulnerabilities/77106

security.gentoo.org/glsa/201612-40

wiki.mageia.org/en/Support/Advisories/MGASA-2013-0001

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.9

Confidence

Low

EPSS

0.032

Percentile

91.2%

JSON

Related for CVE-2012-4024