Gnu Cpio
12 CVEs affecting Gnu Cpio. Latest disclosed: 2024-02-29. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2021-38185 | High | 7.8 | 2021-08-08 | GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers a… |
| CVE-2019-14866 | High | 7.3 | 2020-01-07 | In all versions of cpio before 2.13 does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an… |
| CVE-2010-4226 | High | 7.2 | 2014-02-06 | cpio, as used in build 2007.05.10, 2010.07.28, and possibly other versions, allows remote attackers to overwrite arbitrary files via a symlink within an RPM pa… |
| CVE-2016-2037 | Medium | 6.5 | 2016-02-22 | The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file. |
| CVE-2023-7216 | Medium | 5.3 | 2024-02-05 | A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially… |
| CVE-2023-7207 | Medium | 4.9 | 2024-02-29 | Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absol… |
| CVE-2005-1111 | Medium | 4.7 | 2005-05-02 | Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompres… |
| CVE-2015-1197 | | | 2015-02-19 | cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive. |
| CVE-2014-9112 | | | 2014-12-02 | Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a c… |
| CVE-2010-0624 | | | 2010-03-15 | Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows… |
| CVE-2005-4268 | | | 2005-12-15 | Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a cpio archive, allows local users to cause a denial of service (crash) and possibly execu… |
| CVE-2005-1229 | | | 2005-05-02 | Directory traversal vulnerability in cpio 2.6 and earlier allows remote attackers to write to arbitrary directories via a .. (dot dot) in a cpio file. |