ubuntu · CVE-2011-3631

Quick triage

Priority: low Published: 2019-11-26 04:15:00 UTC Updated: 2025-08-25 20:17:24 UTC

View at Official ubuntu advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2011-3631 low priority: Ubuntu including 1 source packages (hardlink), 6 status rows across 6 suites (hardy, lucid, maverick, natty, oneiric, upstream): not-affected 5, DNE 1.

Description:

Hardlink before 0.1.2 has multiple integer overflows leading to heap-based buffer overflows because of the way string lengths concatenation is done in the calculation of the required memory space to be used. A remote attacker could provide a specially-crafted directory tree and trick the local user into consolidating it, leading to hardlink executable crash or potentially arbitrary code execution with user privileges.

cvelogic Threat Intelligence