CPE Details
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
CPE Name: cpe:2.3:o:huawei:openeuler:20.03:sp1:*:*:lts:*:*:*
Informations
Vendor
huaweiProduct
openeulerVersion
20.03Update
sp1Software Edition
ltsRelated CVE
| CVE ID | Publié | Description | Score | Gravité |
|---|---|---|---|---|
| After tar_close(), libtar.c releases the memory pointed to by pointer t. After tar_close() is called in the list() function, it continues to use pointer t: free_longlink_longname(t->th_buf) . As a result, the released memory is used (use-after-free). | 9.8 |
Critique |
||
| An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read. | 9.1 |
Critique |
||
| An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read. | 8.1 |
Haute |
||
| The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak. | 7.5 |
Haute |
||
| The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak. | 7.5 |
Haute |
||
| When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds. | 6.8 |
Moyen |
||
| atune before 0.3-0.8 log in as a local user and run the curl command to access the local atune url interface to escalate the local privilege or modify any file. Authentication is not forcibly enabled in the default configuration. | 7.8 |
Haute |
2025©
tesweb SA
