36 matches found
EUVD-2008-4200
Malware in sbrugna...
EUVD-2016-5791
Malware in sbrugna...
EUVD-2024-51814
Malicious code in bioql PyPI...
RLSA-2025:7510 Moderate: libarchive security update
The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file...
CVE-2024-53142
In the Linux kernel, the following vulnerability has been resolved: initramfs: avoid filename buffer overrun. The initramfs filename field is defined in Documentation/driver-api/early-userspace/buffer-format.rst as: 37 cpio_file := ALGN(4) + cpio_header + filename + "\0" + ALGN(4) + data ... 55...
UBUNTU-CVE-2024-53142
In the Linux kernel, the following vulnerability has been resolved: initramfs: avoid filename buffer overrun. The initramfs filename field is defined in Documentation/driver-api/early-userspace/buffer-format.rst as: 37 cpio_file := ALGN(4) + cpio_header + filename + "\0" + ALGN(4) + data ... 55...
CVE-2024-53142 initramfs: avoid filename buffer overrun
In the Linux kernel, the following vulnerability has been resolved: initramfs: avoid filename buffer overrun. The initramfs filename field is defined in Documentation/driver-api/early-userspace/buffer-format.rst as: 37 cpio_file := ALGN(4) + cpio_header + filename + "\0" + ALGN(4) + data ... 55...
CVE-2024-53142
CVE-2024-53142: Linux kernel initramfs fix for filename buffer overrun. Root cause: during initramfs cpio extraction, the do_name() path passed a non-zero-terminated filename to kernel file operations, allowing trailing bytes from uninitialized memory to be incorporated into a created path. Impac...
OESA-2024-2170 libarchive security update
libarchive is an open-source BSD-licensed C programming library that provides streaming access to a variety of different archive formats, including tar, cpio, pax, zip, and ISO9660 images. The distribution also includes bsdtar and bsdcpio, full-featured implementations of tar and cpio that use libarchive. Security...
PT-2024-30540 · Unknown · Calamares-Nixos-Extensions
Name of the Vulnerable Software and Affected Versions: calamares-nixos-extensions versions prior to 0.3.17 Description: The issue affects users who installed NixOS through the graphical installer using manual disk partitioning, where the system boots via legacy BIOS, some disk partitions are...
CVE-2023-36476
calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux. Users of calamares-nixos-extensions version 0.3.12 and prior who installed NixOS through the graphical calamares installer, with an unencrypted /boot, on either non-UEFI systems or with a LU...
SUSE CVE-2014-9112
Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive...
SUSE CVE-2016-2037
The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file...
Denial Of Service (DoS)
libarchive is vulnerable to denial of service (DoS) attacks. This is caused when a corrupted cpio archive has a ridiculously large size for a symlink. malloc fails here when trying to allocate memory to contain the entire symlink, which allows remote attackers to affect the availability of the...
DEBIAN-CVE-2016-4809
The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink...
Code injection
The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink...
CVE-2016-4809
The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink...
Scientific Linux Security Update : libarchive on SL6.x i386/x86_64 (20160912)
Security Fixes : - A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive...
libarchive: Memory allocate error with symbolic links in cpio archives
A vulnerability was found in libarchive. A specially crafted cpio archive containing a symbolic link to a ridiculously large target path can cause memory allocation to fail, resulting in any attempt to view or extract the archive crashing...