QwikSec

Security Database

CVE

CWE

Training

CVE-2015-8872

Published: Jun 3, 2016

Modified: Aug 6, 2024

PUBLISHED

Description

The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an "off-by-two error."

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

openSUSE-SU-2016:1461

vendor-advisory

x_refsource_SUSE

https://github.com/dosfstools/dosfstools/releases/tag/v4.0

x_refsource_CONFIRM

https://github.com/dosfstools/dosfstools/issues/12

x_refsource_CONFIRM

https://blog.fuzzing-project.org/44-dosfstools-fsck.vfat-Several-invalid-memory-accesses.html

x_refsource_MISC

vendor-advisory

x_refsource_UBUNTU

https://github.com/dosfstools/dosfstools/commit/07908124838afcc99c577d1d3e84cef2dbd39cb7

x_refsource_CONFIRM

openSUSE-SU-2016:2233

vendor-advisory

x_refsource_SUSE

vdb-entry

x_refsource_BID

[debian-lts-announce] 20200530 [SECURITY] [DLA 2224-1] dosfstools security update

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.