Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
8 vulnerabilities by squashfs_project
CVE-2015-4646 (GCVE-0-2015-4646)
Vulnerability from nvd – Published: 2017-04-13 17:00 – Updated: 2024-08-06 06:18
VLAI
Summary
(1) unsquash-1.c, (2) unsquash-2.c, (3) unsquash-3.c, and (4) unsquash-4.c in Squashfs and sasquatch allow remote attackers to cause a denial of service (application crash) via a crafted input.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/75272 | vdb-entryx_refsource_BID |
| https://security.gentoo.org/glsa/201701-73 | vendor-advisoryx_refsource_GENTOO |
| http://seclists.org/oss-sec/2015/q2/756 | mailing-listx_refsource_MLIST |
| https://github.com/plougher/squashfs-tools/commit… | x_refsource_CONFIRM |
Date Public
2015-06-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:18:12.103Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "75272",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75272"
},
{
"name": "GLSA-201701-73",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-73"
},
{
"name": "[oss-security] 20150618 Re: Possible CVE Request: Multiple stack overflows in squashfs-tools and sasquatch",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2015/q2/756"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/plougher/squashfs-tools/commit/f95864afe8833fe3ad782d714b41378e860977b1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "(1) unsquash-1.c, (2) unsquash-2.c, (3) unsquash-3.c, and (4) unsquash-4.c in Squashfs and sasquatch allow remote attackers to cause a denial of service (application crash) via a crafted input."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-22T18:09:59.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "75272",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75272"
},
{
"name": "GLSA-201701-73",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-73"
},
{
"name": "[oss-security] 20150618 Re: Possible CVE Request: Multiple stack overflows in squashfs-tools and sasquatch",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2015/q2/756"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/plougher/squashfs-tools/commit/f95864afe8833fe3ad782d714b41378e860977b1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4646",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "(1) unsquash-1.c, (2) unsquash-2.c, (3) unsquash-3.c, and (4) unsquash-4.c in Squashfs and sasquatch allow remote attackers to cause a denial of service (application crash) via a crafted input."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "75272",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75272"
},
{
"name": "GLSA-201701-73",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-73"
},
{
"name": "[oss-security] 20150618 Re: Possible CVE Request: Multiple stack overflows in squashfs-tools and sasquatch",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2015/q2/756"
},
{
"name": "https://github.com/plougher/squashfs-tools/commit/f95864afe8833fe3ad782d714b41378e860977b1",
"refsource": "CONFIRM",
"url": "https://github.com/plougher/squashfs-tools/commit/f95864afe8833fe3ad782d714b41378e860977b1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-4646",
"datePublished": "2017-04-13T17:00:00.000Z",
"dateReserved": "2015-06-18T00:00:00.000Z",
"dateUpdated": "2024-08-06T06:18:12.103Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-4645 (GCVE-0-2015-4645)
Vulnerability from nvd – Published: 2017-03-17 14:00 – Updated: 2024-08-06 06:18
VLAI
Summary
Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service (application crash) via a crafted input, which triggers a stack-based buffer overflow.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| https://bugzilla.redhat.com/show_bug.cgi?id=1234886 | x_refsource_CONFIRM |
| https://github.com/devttys0/sasquatch/pull/5 | x_refsource_MISC |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://www.securityfocus.com/bid/75272 | vdb-entryx_refsource_BID |
| https://security.gentoo.org/glsa/201701-73 | vendor-advisoryx_refsource_GENTOO |
| https://github.com/plougher/squashfs-tools/commit… | x_refsource_CONFIRM |
Date Public
2015-06-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:18:12.164Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2015-10750",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162171.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1234886"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/devttys0/sasquatch/pull/5"
},
{
"name": "FEDORA-2015-10760",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162226.html"
},
{
"name": "75272",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75272"
},
{
"name": "GLSA-201701-73",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-73"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/plougher/squashfs-tools/commit/f95864afe8833fe3ad782d714b41378e860977b1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service (application crash) via a crafted input, which triggers a stack-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-22T18:08:26.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2015-10750",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162171.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1234886"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/devttys0/sasquatch/pull/5"
},
{
"name": "FEDORA-2015-10760",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162226.html"
},
{
"name": "75272",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75272"
},
{
"name": "GLSA-201701-73",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-73"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/plougher/squashfs-tools/commit/f95864afe8833fe3ad782d714b41378e860977b1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4645",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service (application crash) via a crafted input, which triggers a stack-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2015-10750",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162171.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1234886",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1234886"
},
{
"name": "https://github.com/devttys0/sasquatch/pull/5",
"refsource": "MISC",
"url": "https://github.com/devttys0/sasquatch/pull/5"
},
{
"name": "FEDORA-2015-10760",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162226.html"
},
{
"name": "75272",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75272"
},
{
"name": "GLSA-201701-73",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-73"
},
{
"name": "https://github.com/plougher/squashfs-tools/commit/f95864afe8833fe3ad782d714b41378e860977b1",
"refsource": "CONFIRM",
"url": "https://github.com/plougher/squashfs-tools/commit/f95864afe8833fe3ad782d714b41378e860977b1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-4645",
"datePublished": "2017-03-17T14:00:00.000Z",
"dateReserved": "2015-06-18T00:00:00.000Z",
"dateUpdated": "2024-08-06T06:18:12.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4025 (GCVE-0-2012-4025)
Vulnerability from nvd – Published: 2012-07-19 19:00 – Updated: 2024-08-06 20:21
VLAI
Summary
Integer overflow in the queue_init function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted block_log field in the superblock of a .sqsh file, leading to a heap-based buffer overflow.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2012/07/19/6 | mailing-listx_refsource_MLIST |
| http://www.osvdb.org/83899 | vdb-entryx_refsource_OSVDB |
| https://wiki.mageia.org/en/Support/Advisories/MGA… | x_refsource_CONFIRM |
| http://sourceforge.net/mailarchive/forum.php?thre… | x_refsource_MISC |
| http://www.securityfocus.com/bid/54610 | vdb-entryx_refsource_BID |
| https://security.gentoo.org/glsa/201612-40 | vendor-advisoryx_refsource_GENTOO |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
Date Public
2012-07-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:21:04.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20120719 CVE-2012-4024 and CVE-2012-4025: Squashfs overflows",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/07/19/6"
},
{
"name": "83899",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/83899"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0001"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=CAAoG81HL9oP8roPLLhftTSXTzSD%2BZcR66PRkVU%3Df76W3Mjde_w%40mail.gmail.com\u0026forum_name=squashfs-devel"
},
{
"name": "54610",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/54610"
},
{
"name": "GLSA-201612-40",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201612-40"
},
{
"name": "MDVSA-2013:128",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:128"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-07-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the queue_init function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted block_log field in the superblock of a .sqsh file, leading to a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-30T17:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20120719 CVE-2012-4024 and CVE-2012-4025: Squashfs overflows",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/07/19/6"
},
{
"name": "83899",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/83899"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0001"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=CAAoG81HL9oP8roPLLhftTSXTzSD%2BZcR66PRkVU%3Df76W3Mjde_w%40mail.gmail.com\u0026forum_name=squashfs-devel"
},
{
"name": "54610",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/54610"
},
{
"name": "GLSA-201612-40",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201612-40"
},
{
"name": "MDVSA-2013:128",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:128"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the queue_init function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted block_log field in the superblock of a .sqsh file, leading to a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120719 CVE-2012-4024 and CVE-2012-4025: Squashfs overflows",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/07/19/6"
},
{
"name": "83899",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/83899"
},
{
"name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0001",
"refsource": "CONFIRM",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0001"
},
{
"name": "http://sourceforge.net/mailarchive/forum.php?thread_name=CAAoG81HL9oP8roPLLhftTSXTzSD%2BZcR66PRkVU%3Df76W3Mjde_w%40mail.gmail.com\u0026forum_name=squashfs-devel",
"refsource": "MISC",
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=CAAoG81HL9oP8roPLLhftTSXTzSD%2BZcR66PRkVU%3Df76W3Mjde_w%40mail.gmail.com\u0026forum_name=squashfs-devel"
},
{
"name": "54610",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54610"
},
{
"name": "GLSA-201612-40",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-40"
},
{
"name": "MDVSA-2013:128",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:128"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4025",
"datePublished": "2012-07-19T19:00:00.000Z",
"dateReserved": "2012-07-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:21:04.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4024 (GCVE-0-2012-4024)
Vulnerability from nvd – Published: 2012-07-19 19:00 – Updated: 2024-08-06 20:21
VLAI
Summary
Stack-based buffer overflow in the get_component function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file (aka a crafted file for the -ef option). NOTE: probably in most cases, the list file is a trusted file constructed by the program's user; however, there are some realistic situations in which a list file would be obtained from an untrusted remote source.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2012/07/19/6 | mailing-listx_refsource_MLIST |
| http://www.osvdb.org/83898 | vdb-entryx_refsource_OSVDB |
| https://wiki.mageia.org/en/Support/Advisories/MGA… | x_refsource_CONFIRM |
| http://sourceforge.net/mailarchive/forum.php?thre… | x_refsource_MISC |
| http://www.securityfocus.com/bid/54610 | vdb-entryx_refsource_BID |
| https://security.gentoo.org/glsa/201612-40 | vendor-advisoryx_refsource_GENTOO |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2012-07-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:21:04.286Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20120719 CVE-2012-4024 and CVE-2012-4025: Squashfs overflows",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/07/19/6"
},
{
"name": "83898",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/83898"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0001"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=CAAoG81HL9oP8roPLLhftTSXTzSD%2BZcR66PRkVU%3Df76W3Mjde_w%40mail.gmail.com\u0026forum_name=squashfs-devel"
},
{
"name": "54610",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/54610"
},
{
"name": "GLSA-201612-40",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201612-40"
},
{
"name": "MDVSA-2013:128",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:128"
},
{
"name": "squashfs-getcomponent-bo(77106)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77106"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-07-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the get_component function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file (aka a crafted file for the -ef option). NOTE: probably in most cases, the list file is a trusted file constructed by the program\u0027s user; however, there are some realistic situations in which a list file would be obtained from an untrusted remote source."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-30T17:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20120719 CVE-2012-4024 and CVE-2012-4025: Squashfs overflows",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/07/19/6"
},
{
"name": "83898",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/83898"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0001"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=CAAoG81HL9oP8roPLLhftTSXTzSD%2BZcR66PRkVU%3Df76W3Mjde_w%40mail.gmail.com\u0026forum_name=squashfs-devel"
},
{
"name": "54610",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/54610"
},
{
"name": "GLSA-201612-40",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201612-40"
},
{
"name": "MDVSA-2013:128",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:128"
},
{
"name": "squashfs-getcomponent-bo(77106)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77106"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4024",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the get_component function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file (aka a crafted file for the -ef option). NOTE: probably in most cases, the list file is a trusted file constructed by the program\u0027s user; however, there are some realistic situations in which a list file would be obtained from an untrusted remote source."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120719 CVE-2012-4024 and CVE-2012-4025: Squashfs overflows",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/07/19/6"
},
{
"name": "83898",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/83898"
},
{
"name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0001",
"refsource": "CONFIRM",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0001"
},
{
"name": "http://sourceforge.net/mailarchive/forum.php?thread_name=CAAoG81HL9oP8roPLLhftTSXTzSD%2BZcR66PRkVU%3Df76W3Mjde_w%40mail.gmail.com\u0026forum_name=squashfs-devel",
"refsource": "MISC",
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=CAAoG81HL9oP8roPLLhftTSXTzSD%2BZcR66PRkVU%3Df76W3Mjde_w%40mail.gmail.com\u0026forum_name=squashfs-devel"
},
{
"name": "54610",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54610"
},
{
"name": "GLSA-201612-40",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-40"
},
{
"name": "MDVSA-2013:128",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:128"
},
{
"name": "squashfs-getcomponent-bo(77106)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77106"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4024",
"datePublished": "2012-07-19T19:00:00.000Z",
"dateReserved": "2012-07-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:21:04.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-4646 (GCVE-0-2015-4646)
Vulnerability from cvelistv5 – Published: 2017-04-13 17:00 – Updated: 2024-08-06 06:18
VLAI
Summary
(1) unsquash-1.c, (2) unsquash-2.c, (3) unsquash-3.c, and (4) unsquash-4.c in Squashfs and sasquatch allow remote attackers to cause a denial of service (application crash) via a crafted input.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/75272 | vdb-entryx_refsource_BID |
| https://security.gentoo.org/glsa/201701-73 | vendor-advisoryx_refsource_GENTOO |
| http://seclists.org/oss-sec/2015/q2/756 | mailing-listx_refsource_MLIST |
| https://github.com/plougher/squashfs-tools/commit… | x_refsource_CONFIRM |
Date Public
2015-06-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:18:12.103Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "75272",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75272"
},
{
"name": "GLSA-201701-73",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-73"
},
{
"name": "[oss-security] 20150618 Re: Possible CVE Request: Multiple stack overflows in squashfs-tools and sasquatch",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2015/q2/756"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/plougher/squashfs-tools/commit/f95864afe8833fe3ad782d714b41378e860977b1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "(1) unsquash-1.c, (2) unsquash-2.c, (3) unsquash-3.c, and (4) unsquash-4.c in Squashfs and sasquatch allow remote attackers to cause a denial of service (application crash) via a crafted input."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-22T18:09:59.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "75272",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75272"
},
{
"name": "GLSA-201701-73",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-73"
},
{
"name": "[oss-security] 20150618 Re: Possible CVE Request: Multiple stack overflows in squashfs-tools and sasquatch",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2015/q2/756"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/plougher/squashfs-tools/commit/f95864afe8833fe3ad782d714b41378e860977b1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4646",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "(1) unsquash-1.c, (2) unsquash-2.c, (3) unsquash-3.c, and (4) unsquash-4.c in Squashfs and sasquatch allow remote attackers to cause a denial of service (application crash) via a crafted input."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "75272",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75272"
},
{
"name": "GLSA-201701-73",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-73"
},
{
"name": "[oss-security] 20150618 Re: Possible CVE Request: Multiple stack overflows in squashfs-tools and sasquatch",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2015/q2/756"
},
{
"name": "https://github.com/plougher/squashfs-tools/commit/f95864afe8833fe3ad782d714b41378e860977b1",
"refsource": "CONFIRM",
"url": "https://github.com/plougher/squashfs-tools/commit/f95864afe8833fe3ad782d714b41378e860977b1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-4646",
"datePublished": "2017-04-13T17:00:00.000Z",
"dateReserved": "2015-06-18T00:00:00.000Z",
"dateUpdated": "2024-08-06T06:18:12.103Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-4645 (GCVE-0-2015-4645)
Vulnerability from cvelistv5 – Published: 2017-03-17 14:00 – Updated: 2024-08-06 06:18
VLAI
Summary
Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service (application crash) via a crafted input, which triggers a stack-based buffer overflow.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| https://bugzilla.redhat.com/show_bug.cgi?id=1234886 | x_refsource_CONFIRM |
| https://github.com/devttys0/sasquatch/pull/5 | x_refsource_MISC |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://www.securityfocus.com/bid/75272 | vdb-entryx_refsource_BID |
| https://security.gentoo.org/glsa/201701-73 | vendor-advisoryx_refsource_GENTOO |
| https://github.com/plougher/squashfs-tools/commit… | x_refsource_CONFIRM |
Date Public
2015-06-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:18:12.164Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2015-10750",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162171.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1234886"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/devttys0/sasquatch/pull/5"
},
{
"name": "FEDORA-2015-10760",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162226.html"
},
{
"name": "75272",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75272"
},
{
"name": "GLSA-201701-73",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-73"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/plougher/squashfs-tools/commit/f95864afe8833fe3ad782d714b41378e860977b1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service (application crash) via a crafted input, which triggers a stack-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-22T18:08:26.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2015-10750",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162171.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1234886"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/devttys0/sasquatch/pull/5"
},
{
"name": "FEDORA-2015-10760",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162226.html"
},
{
"name": "75272",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75272"
},
{
"name": "GLSA-201701-73",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-73"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/plougher/squashfs-tools/commit/f95864afe8833fe3ad782d714b41378e860977b1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4645",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service (application crash) via a crafted input, which triggers a stack-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2015-10750",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162171.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1234886",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1234886"
},
{
"name": "https://github.com/devttys0/sasquatch/pull/5",
"refsource": "MISC",
"url": "https://github.com/devttys0/sasquatch/pull/5"
},
{
"name": "FEDORA-2015-10760",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162226.html"
},
{
"name": "75272",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75272"
},
{
"name": "GLSA-201701-73",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-73"
},
{
"name": "https://github.com/plougher/squashfs-tools/commit/f95864afe8833fe3ad782d714b41378e860977b1",
"refsource": "CONFIRM",
"url": "https://github.com/plougher/squashfs-tools/commit/f95864afe8833fe3ad782d714b41378e860977b1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-4645",
"datePublished": "2017-03-17T14:00:00.000Z",
"dateReserved": "2015-06-18T00:00:00.000Z",
"dateUpdated": "2024-08-06T06:18:12.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4024 (GCVE-0-2012-4024)
Vulnerability from cvelistv5 – Published: 2012-07-19 19:00 – Updated: 2024-08-06 20:21
VLAI
Summary
Stack-based buffer overflow in the get_component function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file (aka a crafted file for the -ef option). NOTE: probably in most cases, the list file is a trusted file constructed by the program's user; however, there are some realistic situations in which a list file would be obtained from an untrusted remote source.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2012/07/19/6 | mailing-listx_refsource_MLIST |
| http://www.osvdb.org/83898 | vdb-entryx_refsource_OSVDB |
| https://wiki.mageia.org/en/Support/Advisories/MGA… | x_refsource_CONFIRM |
| http://sourceforge.net/mailarchive/forum.php?thre… | x_refsource_MISC |
| http://www.securityfocus.com/bid/54610 | vdb-entryx_refsource_BID |
| https://security.gentoo.org/glsa/201612-40 | vendor-advisoryx_refsource_GENTOO |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2012-07-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:21:04.286Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20120719 CVE-2012-4024 and CVE-2012-4025: Squashfs overflows",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/07/19/6"
},
{
"name": "83898",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/83898"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0001"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=CAAoG81HL9oP8roPLLhftTSXTzSD%2BZcR66PRkVU%3Df76W3Mjde_w%40mail.gmail.com\u0026forum_name=squashfs-devel"
},
{
"name": "54610",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/54610"
},
{
"name": "GLSA-201612-40",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201612-40"
},
{
"name": "MDVSA-2013:128",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:128"
},
{
"name": "squashfs-getcomponent-bo(77106)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77106"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-07-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the get_component function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file (aka a crafted file for the -ef option). NOTE: probably in most cases, the list file is a trusted file constructed by the program\u0027s user; however, there are some realistic situations in which a list file would be obtained from an untrusted remote source."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-30T17:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20120719 CVE-2012-4024 and CVE-2012-4025: Squashfs overflows",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/07/19/6"
},
{
"name": "83898",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/83898"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0001"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=CAAoG81HL9oP8roPLLhftTSXTzSD%2BZcR66PRkVU%3Df76W3Mjde_w%40mail.gmail.com\u0026forum_name=squashfs-devel"
},
{
"name": "54610",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/54610"
},
{
"name": "GLSA-201612-40",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201612-40"
},
{
"name": "MDVSA-2013:128",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:128"
},
{
"name": "squashfs-getcomponent-bo(77106)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77106"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4024",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the get_component function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file (aka a crafted file for the -ef option). NOTE: probably in most cases, the list file is a trusted file constructed by the program\u0027s user; however, there are some realistic situations in which a list file would be obtained from an untrusted remote source."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120719 CVE-2012-4024 and CVE-2012-4025: Squashfs overflows",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/07/19/6"
},
{
"name": "83898",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/83898"
},
{
"name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0001",
"refsource": "CONFIRM",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0001"
},
{
"name": "http://sourceforge.net/mailarchive/forum.php?thread_name=CAAoG81HL9oP8roPLLhftTSXTzSD%2BZcR66PRkVU%3Df76W3Mjde_w%40mail.gmail.com\u0026forum_name=squashfs-devel",
"refsource": "MISC",
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=CAAoG81HL9oP8roPLLhftTSXTzSD%2BZcR66PRkVU%3Df76W3Mjde_w%40mail.gmail.com\u0026forum_name=squashfs-devel"
},
{
"name": "54610",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54610"
},
{
"name": "GLSA-201612-40",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-40"
},
{
"name": "MDVSA-2013:128",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:128"
},
{
"name": "squashfs-getcomponent-bo(77106)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77106"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4024",
"datePublished": "2012-07-19T19:00:00.000Z",
"dateReserved": "2012-07-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:21:04.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4025 (GCVE-0-2012-4025)
Vulnerability from cvelistv5 – Published: 2012-07-19 19:00 – Updated: 2024-08-06 20:21
VLAI
Summary
Integer overflow in the queue_init function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted block_log field in the superblock of a .sqsh file, leading to a heap-based buffer overflow.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2012/07/19/6 | mailing-listx_refsource_MLIST |
| http://www.osvdb.org/83899 | vdb-entryx_refsource_OSVDB |
| https://wiki.mageia.org/en/Support/Advisories/MGA… | x_refsource_CONFIRM |
| http://sourceforge.net/mailarchive/forum.php?thre… | x_refsource_MISC |
| http://www.securityfocus.com/bid/54610 | vdb-entryx_refsource_BID |
| https://security.gentoo.org/glsa/201612-40 | vendor-advisoryx_refsource_GENTOO |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
Date Public
2012-07-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:21:04.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20120719 CVE-2012-4024 and CVE-2012-4025: Squashfs overflows",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/07/19/6"
},
{
"name": "83899",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/83899"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0001"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=CAAoG81HL9oP8roPLLhftTSXTzSD%2BZcR66PRkVU%3Df76W3Mjde_w%40mail.gmail.com\u0026forum_name=squashfs-devel"
},
{
"name": "54610",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/54610"
},
{
"name": "GLSA-201612-40",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201612-40"
},
{
"name": "MDVSA-2013:128",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:128"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-07-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the queue_init function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted block_log field in the superblock of a .sqsh file, leading to a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-30T17:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20120719 CVE-2012-4024 and CVE-2012-4025: Squashfs overflows",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/07/19/6"
},
{
"name": "83899",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/83899"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0001"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=CAAoG81HL9oP8roPLLhftTSXTzSD%2BZcR66PRkVU%3Df76W3Mjde_w%40mail.gmail.com\u0026forum_name=squashfs-devel"
},
{
"name": "54610",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/54610"
},
{
"name": "GLSA-201612-40",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201612-40"
},
{
"name": "MDVSA-2013:128",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:128"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the queue_init function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted block_log field in the superblock of a .sqsh file, leading to a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120719 CVE-2012-4024 and CVE-2012-4025: Squashfs overflows",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/07/19/6"
},
{
"name": "83899",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/83899"
},
{
"name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0001",
"refsource": "CONFIRM",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0001"
},
{
"name": "http://sourceforge.net/mailarchive/forum.php?thread_name=CAAoG81HL9oP8roPLLhftTSXTzSD%2BZcR66PRkVU%3Df76W3Mjde_w%40mail.gmail.com\u0026forum_name=squashfs-devel",
"refsource": "MISC",
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=CAAoG81HL9oP8roPLLhftTSXTzSD%2BZcR66PRkVU%3Df76W3Mjde_w%40mail.gmail.com\u0026forum_name=squashfs-devel"
},
{
"name": "54610",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54610"
},
{
"name": "GLSA-201612-40",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-40"
},
{
"name": "MDVSA-2013:128",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:128"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4025",
"datePublished": "2012-07-19T19:00:00.000Z",
"dateReserved": "2012-07-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:21:04.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}