Lucene search

K

FreeBSDF59AF308-07F3-11EA-8C56-F8B156B6DCC8

HistoryNov 06, 2019 - 12:00 a.m.

GNU cpio -- multiple vulnerabilities

2019-11-0600:00:00

vuxml.freebsd.org

15

7.3 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.043 Low

EPSS

Percentile

92.2%

Sergey Poznyakoff reports:

This stable release fixes several potential vulnerabilities
CVE-2015-1197: cpio, when using the --no-absolute-filenames
option, allows local users to write to arbitrary files
via a symlink attack on a file in an archive.
CVE-2016-2037: The cpio_safer_name_suffix function in
util.c allows remote attackers to cause a denial of service
(out-of-bounds write) via a crafted cpio file.
CVE-2019-14866: Improper input validation when writing
tar header fields leads to unexpected tar generation.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchgcpio< 2.13UNKNOWN

References

lists.gnu.org/archive/html/bug-cpio/2019-11/msg00000.html

7.3 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.043 Low

EPSS

Percentile

92.2%

Related for F59AF308-07F3-11EA-8C56-F8B156B6DCC8