suse · CVE-2014-9112

Quick triage

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2014-9112 severity moderate: SUSE including 276 source package names (0.9.1:cpio-2.11-29.1, 1.0.0:cpio-2.11-29.1, …), 361 product×package rows across 83 product lines (Container caasp/v4/default-http-backend, Container caasp/v4/dnsmasq-nanny, … (83 product lines)): Fixed 204, Known Affected 157.

Description:

Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive.