Heap-based buffer overflow in the process_copy_in
function in GNU Cpio 2.11 allows remote attackers to cause
a denial of service via a large block value in a cpio
archive.

cpio 2.11, when using the --no-absolute-filenames
option, allows local users to write to arbitrary files
via a symlink attack on a file in an archive.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchgcpio< 2.11_3UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	gcpio	< 2.11_3	UNKNOWN

References

bugzilla.suse.com/show_bug.cgi?id=658010

security-tracker.debian.org/tracker/CVE-2014-9112

nessus 34

openvas 24

gentoo 1

securityvulns 4

ubuntucve 3

prion 3

mageia 3

debian 3

oraclelinux 1

redhat 1

fedora 2

cve 4

debiancve 3

ibm 1

archlinux 2

centos 1

alpinelinux 1

amazon 2

ubuntu 2

thn 1

redhatcve 2

securelist 1

packetstorm 1

metasploit 1

zdt 1

freebsd 1

attackerkb 1

rapid7blog 1

nessus

GLSA-201502-11 : GNU cpio: Multiple vulnerabilities

2015-02-16 00:00:00

Mandriva Linux Security Advisory : cpio (MDVSA-2015:065)

2015-03-30 00:00:00

FreeBSD : cpio -- multiple vulnerabilities (72ee9707-d7b2-11e4-8d8e-f8b156b6dcc8)

2015-04-01 00:00:00

openvas

Gentoo Security Advisory GLSA 201502-11

2015-09-29 00:00:00

Mageia: Security Advisory (MGASA-2014-0528)

2022-01-28 00:00:00

Debian: Security Advisory (DLA-111-1)

2023-03-08 00:00:00

gentoo

GNU cpio: Multiple vulnerabilities

2015-02-15 00:00:00

securityvulns

GNU cpio buffer overflow

2014-12-22 00:00:00

[ MDVSA-2014:250 ] cpio

2014-12-22 00:00:00

[ MDVSA-2015:066 ] cpio

2015-04-20 00:00:00

ubuntucve

CVE-2014-9112

2014-12-02 00:00:00

CVE-2015-1197

2015-02-19 00:00:00

CVE-2023-7207

2024-02-29 00:00:00

prion

Heap overflow

2014-12-02 16:59:00

Code injection

2015-02-19 15:59:00

Path traversal

2024-02-29 01:42:00

mageia

Updated cpio package fixes security vulnerability

2014-12-14 17:10:39

Updated cpio package fixes security vulnerability

2015-02-19 17:43:07

Updated cpio packages fix security vulnerabilities

2019-11-14 19:58:51

debian

[SECURITY] [DLA 111-1] cpio security update

2014-12-15 14:18:40

[SECURITY] [DSA 3111-1] cpio security update

2014-12-23 00:55:26

[SECURITY] [DSA 3111-1] cpio security update

2014-12-23 00:55:26

oraclelinux

cpio security and bug fix update

2015-11-23 00:00:00

redhat

(RHSA-2015:2108) Moderate: cpio security and bug fix update

2015-11-19 14:43:07

fedora

[SECURITY] Fedora 21 Update: cpio-2.11-33.fc21

2014-12-18 06:06:28

[SECURITY] Fedora 20 Update: cpio-2.11-28.fc20

2015-01-06 06:09:24

cve

CVE-2014-9112

2014-12-02 16:59:00

CVE-2015-1197

2015-02-19 15:59:00

CVE-2017-7516

2018-01-29 19:29:00

debiancve

CVE-2014-9112

2014-12-02 16:59:00

CVE-2015-1197

2015-02-19 15:59:00

CVE-2023-7207

2024-02-29 01:42:59

ibm

Security Bulletin: Vulnerability in cpio affects PowerKVM (CVE-2014-9112)

2018-06-18 01:30:30

archlinux

cpio: heap buffer overflow

2015-01-14 00:00:00

cpio: directory traversal

2015-03-23 00:00:00

centos

cpio security update

2015-11-30 19:26:10

alpinelinux

CVE-2015-1197

2015-02-19 15:59:00

amazon

Important: cpio

2024-02-29 10:03:00

Important: cpio

2024-02-28 23:54:00

ubuntu

GNU cpio vulnerabilities

2015-01-08 00:00:00

GNU cpio vulnerabilities

2016-02-22 00:00:00

thn

Zimbra Releases Patch for Actively Exploited Vulnerability in its Collaboration Suite

2022-10-17 09:50:00

redhatcve

CVE-2023-7207

2024-02-29 08:04:56

CVE-2017-7516

2018-01-29 12:50:11

securelist

Ongoing exploitation of CVE-2022-41352 (Zimbra 0-day)

2022-10-13 08:00:21

packetstorm

Zimbra Collaboration Suite TAR Path Traversal

2022-10-20 00:00:00

metasploit

TAR Path Traversal in Zimbra (CVE-2022-41352)

2022-10-06 17:23:53

zdt

Zimbra Collaboration Suite TAR Path Traversal Exploit

2022-10-21 00:00:00

freebsd

GNU cpio -- multiple vulnerabilities

2019-11-06 00:00:00

attackerkb

CVE-2022-41352

2022-09-26 00:00:00

rapid7blog

Exploitation of Unpatched Zero-Day Remote Code Execution Vulnerability in Zimbra Collaboration Suite (CVE-2022-41352)

2022-10-06 17:13:34

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.024 Low

EPSS

Percentile

89.7%

JSON

Related for 72EE9707-D7B2-11E4-8D8E-F8B156B6DCC8