CVE-2005-4268 : Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a cpio archive, allows local users to cause a denia

Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a cpio archive, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a file whose size is represented by more than 8 digits.

Published 2005-12-15 18:11:00

Updated 2018-10-03 21:34:29

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: OverflowExecute codeDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2005-4268

Probability of exploitation activity in the next 30 days: 0.65%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 79 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2005-4268

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
3.7	LOW	AV:L/AC:H/Au:N/C:P/I:P/A:P	1.9	6.4	NIST
Access Vector: Local Access Complexity: High Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2005-4268

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Assigned by: nvd@nist.gov (Primary)

Vendor statements for CVE-2005-4268

Red Hat 2010-03-15

This issue was addressed in Red Hat Enterprise Linux 4 via https://rhn.redhat.com/errata/RHSA-2007-0245.html and in Red Hat Enterprise Linux 3 via https://rhn.redhat.com/errata/RHSA-2010-0145.html. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

References for CVE-2005-4268

Products affected by CVE-2005-4268