CVE-2015-8872

NameCVE-2015-8872
DescriptionThe set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an "off-by-two error."
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-2224-1, DLA-474-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
dosfstools (PTS)buster4.1-2fixed
bookworm, bullseye4.2-1fixed
trixie, sid4.2-1.1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
dosfstoolssourcewheezy3.0.13-1+deb7u1DLA-474-1
dosfstoolssourcejessie3.0.27-1+deb8u1DLA-2224-1
dosfstoolssource(unstable)4.0-1

Notes

https://github.com/dosfstools/dosfstools/issues/12
https://github.com/dosfstools/dosfstools/commit/07908124838afcc99c577d1d3e84cef2dbd39cb7
Search for package or bug name: Reporting problems