CVE-2011-3630

HIGH

hardlink < 0.1.2 - Stack-based Buffer Overflow via Deeply Nested Directory Processing

Title source: llm
STIX 2.1

Description

Hardlink before 0.1.2 suffer from multiple stack-based buffer overflow flaws because of the way directory trees with deeply nested directories are processed. A remote attacker could provide a specially-crafted directory tree, and trick the local user into consolidating it, leading to hardlink executable crash, or, potentially arbitrary code execution with the privileges of the user running the hardlink executable.

References (5)

Core 5
Core References
Third Party Advisory x_refsource_misc
https://security-tracker.debian.org/tracker/CVE-2011-3630
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3630
Third Party Advisory x_refsource_misc
https://access.redhat.com/security/cve/cve-2011-3630
Mailing List, Third Party Advisory x_refsource_misc
https://www.openwall.com/lists/oss-security/2011/10/20/6
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=645516

Scores

CVSS v3 8.8
EPSS 0.0266
EPSS Percentile 84.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (6)
debian/debian_linux 8.0
debian/debian_linux 9.0
debian/debian_linux 10.0
hardlink_project/hardlink < 0.1.2
redhat/enterprise_linux 5.0
redhat/enterprise_linux 6.0
Published Nov 26, 2019
Tracked Since Feb 18, 2026