CVE-2016-4804

The readboot function in boot.c in dosfstools before 4.0 allows attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1) readfat function or an out-of-bounds heap read in (2) get_fat function.

References

Affected packages

Debian:11 / dosfstools

Package

Name: dosfstools
Purl: pkg:deb/debian/dosfstools?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / dosfstools

Package

Name: dosfstools
Purl: pkg:deb/debian/dosfstools?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / dosfstools

Package

Name: dosfstools
Purl: pkg:deb/debian/dosfstools?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/dosfstools/dosfstools

Affected ranges

Type: GIT
Repo: https://github.com/dosfstools/dosfstools
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

e8eff147e9da1185f9afd5b25948153a3b97cf52

Fixed

e8eff147e9da1185f9afd5b25948153a3b97cf52

Affected versions

v2.*

v2.11

v3.*

v3.0.0

v3.0.1

v3.0.10

v3.0.11

v3.0.12

v3.0.13

v3.0.14

v3.0.15

v3.0.16

v3.0.17

v3.0.18

v3.0.19

v3.0.2

v3.0.20

v3.0.21

v3.0.22

v3.0.23

v3.0.24

v3.0.25

v3.0.26

v3.0.27

v3.0.28

v3.0.3

v3.0.4

v3.0.5

v3.0.6

v3.0.7

v3.0.8

v3.0.9