| Name | CVE-2017-6596 |
| Description | partclone.chkimg in partclone 0.2.89 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the partclone image header. An attacker may be able to launch a 'Denial of Service attack' in the context of the user running the affected application. |
| Source | CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DLA-923-1 |
| Debian Bugs | 857966 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| partclone (PTS) | bullseye | 0.3.13+dfsg-5 | fixed |
| bookworm | 0.3.23+repack-1 | fixed | |
| trixie | 0.3.36+repack-1 | fixed | |
| forky, sid | 0.3.38+repack-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| partclone | source | experimental | 0.2.90-1 | |||
| partclone | source | wheezy | 0.2.48-1+deb7u1 | DLA-923-1 | ||
| partclone | source | (unstable) | 0.2.89-3 | 857966 |
[jessie] - partclone <no-dsa> (Minor issue)
https://github.com/insidej/Partclone_HeapOverFlow/blob/master/README.md
https://github.com/Thomas-Tsai/partclone/issues/91
https://github.com/Thomas-Tsai/partclone/commit/2d6bcfd8016dc6090090934bab71c663d9a4d36d
https://github.com/Thomas-Tsai/partclone/commit/96401fb5b7221fc5f44df7079485c395f9c3a428