|Description||Hardlink before 0.1.2 has multiple integer overflows leading to heap-based buffer overflows because of the way string lengths concatenation is done in the calculation of the required memory space to be used. A remote attacker could provide a specially-crafted directory tree and trick the local user into consolidating it, leading to hardlink executable crash or potentially arbitrary code execution with user privileges.|
|Source||CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)|
Vulnerable and fixed packages
The table below lists information on source packages.
|hardlink (PTS)||jessie, stretch||0.3.0||fixed|
|bullseye, sid, buster||0.3.2||fixed|
The information below is based on the following data on fixed versions.
|Package||Type||Release||Fixed Version||Urgency||Origin||Debian Bugs|
- hardlink <not-affected> (Only the C version, ours are written in Python)