Alerts This Week
Warning Icon 1 1,149
Alerts This Week
Warning Icon 1 1,149

Mageia 9 MGASA-2024-0241 Critical Heap Overflow: Erofs-Utils CVE-2023-33551

mageia
Calendar Grey June 28, 2024
Dist Mageia Esm H88
Recent erofs-utils updates fix critical heap buffer overflow issues and remote code execution flaws in Mageia 9.
Heap Buffer Overflow in the erofsfsck_dirent_iter function in fsck/main.c in erofs-utils v1.6 allows remote attackers to execute arbitrary code via a crafted erofs filesystem image

Summary

Heap Buffer Overflow in the erofsfsck_dirent_iter function in fsck/main.c in erofs-utils v1.6 allows remote attackers to execute arbitrary code via a crafted erofs filesystem image.

References

- https://bugs.mageia.org/show_bug.cgi?id=32272

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FHOIRL6XH5NYR3LYI3KP5DE4SDSQWR7W/

- https://www.cve.org/CVERecord?id=CVE-2023-33551

- https://www.cve.org/CVERecord?id=CVE-2023-33552

Resolution

SRPMS

- 9/core/erofs-utils-1.7.1-1.mga9

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 28 Jun 2024
URL: https://advisories.mageia.org/MGASA-2024-0241.html
Type: security
CVE: CVE-2023-33551, CVE-2023-33552

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here