Unrated severity · NVD Advisory · Published Mar 15, 2010 · Updated Apr 29, 2026
CVE-2010-0624
Description
Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character.
Affected products
- cpe:2.3:a:gnu:cpio:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:cpio:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:cpio:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:cpio:2.4-2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:cpio:2.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:cpio:2.5.90:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:cpio:2.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:cpio:2.7:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:cpio:2.8:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:cpio:2.9:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:cpio:*:*:*:*:*:*:*:* (range: <=2.10)
- cpe:2.3:a:gnu:cpio:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:tar:*:*:*:*:*:*:*:* (range: <=1.22)
- cpe:2.3:a:gnu:tar:1.13:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:tar:1.13.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:tar:1.13.11:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:tar:1.13.14:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:tar:1.13.16:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:tar:1.13.17:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:tar:1.13.18:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:tar:1.13.19:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:tar:1.13.25:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:tar:1.14:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:tar:1.14.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:tar:1.14.90:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:tar:1.15:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:tar:1.15.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:tar:1.15.90:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:tar:1.15.91:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:tar:1.16:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:tar:1.16.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:tar:1.17:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:tar:1.18:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:tar:1.19:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:tar:1.20:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:tar:1.21:*:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- bugzilla.redhat.com/show_bug.cgi (nvd, Patch)
- www.agrs.tu-berlin.de/index.php (nvd, Exploit)
- kb.juniper.net/InfoCenter/index (nvd)
- kb.juniper.net/InfoCenter/index (nvd)
- lists.fedoraproject.org/pipermail/package-announce/2010-March/036668.html (nvd)
- lists.fedoraproject.org/pipermail/package-announce/2010-March/037395.html (nvd)
- lists.fedoraproject.org/pipermail/package-announce/2010-March/037401.html (nvd)
- lists.fedoraproject.org/pipermail/package-announce/2010-March/038134.html (nvd)
- lists.fedoraproject.org/pipermail/package-announce/2010-March/038149.html (nvd)
- lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html (nvd)
- osvdb.org/62950 (nvd)
- secunia.com/advisories/38869 (nvd)
- secunia.com/advisories/38988 (nvd)
- secunia.com/advisories/39008 (nvd)
- security.gentoo.org/glsa/glsa-201111-11.xml (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.redhat.com/support/errata/RHSA-2010-0141.html (nvd)
- www.redhat.com/support/errata/RHSA-2010-0142.html (nvd)
- www.redhat.com/support/errata/RHSA-2010-0144.html (nvd)
- www.redhat.com/support/errata/RHSA-2010-0145.html (nvd)
- www.securityfocus.com/archive/1/514503/100/0/threaded (nvd)
- www.ubuntu.com/usn/USN-2456-1 (nvd)
- www.vupen.com/english/advisories/2010/0628 (nvd)
- www.vupen.com/english/advisories/2010/0629 (nvd)
- www.vupen.com/english/advisories/2010/0639 (nvd)
- www.vupen.com/english/advisories/2010/0687 (nvd)
- www.vupen.com/english/advisories/2010/0728 (nvd)
- www.vupen.com/english/advisories/2010/0729 (nvd)
- www.vupen.com/english/advisories/2010/1107 (nvd)
- issues.rpath.com/browse/RPL-3219 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10277 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6907 (nvd)