Sorry for the quick follow-up - I just wanted to make a note of a typo in our 
previous email. This is not an RCE bug, it is an ACE bug.
________________________________
From: Maverick Chung
Sent: Friday, August 6, 2021 4:15 PM
To: [email protected] <[email protected]>
Cc: Qiaoyi Fang <[email protected]>
Subject: cpio RCE Exploit Caused by Integer Overflow

Hello,

Qiaoyi Fang (cc'ed) and I are both CS students at Duke, and we've discovered an 
RCE exploit in cpio, caused by an integer overflow in ds_fgetstr. We've created 
the exploit on cpio 2.13, on the version in the current kali-rolling. We've 
attached a bug report containing all the details, as well as the files 
necessary to reproduce the exploit. Additionally, we've recorded the exploit 
here: https://youtu.be/F0yKJhu7Vak.

Please let us know if you have any questions. Thank you!

Sincerely,
Maverick Chung and Qiaoyi Fang
