CVE-2011-3631

Published: Nov 26, 2019Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Hardlink before 0.1.2 has multiple integer overflows leading to heap-based buffer overflows because of the way string lengths concatenation is done in the calculation of the required memory space to be used. A remote attacker could provide a specially-crafted directory tree and trick the local user into consolidating it, leading to hardlink executable crash or potentially arbitrary code execution with user privileges.

Affected (6)

Products: Hardlink Project: Hardlink · Debian: Debian Linux · Redhat: Enterprise Linux

Hardlink Project

1 product

1 product

1 product

Enterprise Linux

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Hardlink Project Hardlink	Before 0.1.2

Configuration B

5 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0
Redhat Enterprise Linux	Version 5.0
Redhat Enterprise Linux	Version 6.0

Related CWEs

Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

References (8)

https://access.redhat.com/security/cve/cve-2011-3631

Source: secalert@redhat.com

Third Party Advisory

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=645516

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3631

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://security-tracker.debian.org/tracker/CVE-2011-3631

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/security/cve/cve-2011-3631

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=645516

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3631

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://security-tracker.debian.org/tracker/CVE-2011-3631

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.