2 matches found
Mandrake Linux Security Advisory : cpio (MDKSA-2007:233)
Buffer overflow in the safer_name_suffix function in GNU cpio has unspecified attack vectors and impact, resulting in a crashing stack. This problem was originally found in tar, but affects cpio too, due to similar code fragments (CVE-2007-4476). Directory traversal vulnerability in cpio 2.6 and earli...
CVE-2005-1229
CPIO (GNU cpio) prior to version 2.6 is affected by CVE-2005-1229, a directory-traversal flaw that lets an attacker write to arbitrary directories during extraction via a .. path in an archive. The root cause is that cpio does not sanitise extracted paths (even with --no-absolute-filenames). Cons...