Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2012-4024
Modified
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-19 Jul, 2012 | 19:55
Updated At-29 Apr, 2026 | 01:13

Stack-based buffer overflow in the get_component function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file (aka a crafted file for the -ef option). NOTE: probably in most cases, the list file is a trusted file constructed by the program's user; however, there are some realistic situations in which a list file would be obtained from an untrusted remote source.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
squashfs_project
squashfs_project
>>squashfs>>Versions up to 4.2(inclusive)
cpe:2.3:a:squashfs_project:squashfs:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://sourceforge.net/mailarchive/forum.php?thread_name=CAAoG81HL9oP8roPLLhftTSXTzSD%2BZcR66PRkVU%3Df76W3Mjde_w%40mail.gmail.com&forum_name=squashfs-develcve@mitre.org
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2013:128cve@mitre.org
Not Applicable
http://www.openwall.com/lists/oss-security/2012/07/19/6cve@mitre.org
Mailing List
http://www.osvdb.org/83898cve@mitre.org
Broken Link
http://www.securityfocus.com/bid/54610cve@mitre.org
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/77106cve@mitre.org
VDB Entry
https://security.gentoo.org/glsa/201612-40cve@mitre.org
Third Party Advisory
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0001cve@mitre.org
Third Party Advisory
http://sourceforge.net/mailarchive/forum.php?thread_name=CAAoG81HL9oP8roPLLhftTSXTzSD%2BZcR66PRkVU%3Df76W3Mjde_w%40mail.gmail.com&forum_name=squashfs-develaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2013:128af854a3a-2127-422b-91ae-364da2661108
Not Applicable
http://www.openwall.com/lists/oss-security/2012/07/19/6af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://www.osvdb.org/83898af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.securityfocus.com/bid/54610af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/77106af854a3a-2127-422b-91ae-364da2661108
VDB Entry
https://security.gentoo.org/glsa/201612-40af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0001af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Hyperlink: http://sourceforge.net/mailarchive/forum.php?thread_name=CAAoG81HL9oP8roPLLhftTSXTzSD%2BZcR66PRkVU%3Df76W3Mjde_w%40mail.gmail.com&forum_name=squashfs-devel
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2013:128
Source: cve@mitre.org
Resource:
Not Applicable
Hyperlink: http://www.openwall.com/lists/oss-security/2012/07/19/6
Source: cve@mitre.org
Resource:
Mailing List
Hyperlink: http://www.osvdb.org/83898
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://www.securityfocus.com/bid/54610
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/77106
Source: cve@mitre.org
Resource:
VDB Entry
Hyperlink: https://security.gentoo.org/glsa/201612-40
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0001
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://sourceforge.net/mailarchive/forum.php?thread_name=CAAoG81HL9oP8roPLLhftTSXTzSD%2BZcR66PRkVU%3Df76W3Mjde_w%40mail.gmail.com&forum_name=squashfs-devel
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2013:128
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Not Applicable
Hyperlink: http://www.openwall.com/lists/oss-security/2012/07/19/6
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Hyperlink: http://www.osvdb.org/83898
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://www.securityfocus.com/bid/54610
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/77106
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
VDB Entry
Hyperlink: https://security.gentoo.org/glsa/201612-40
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0001
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Change History
0Changes found
Details not found