5 matches found
Siemens Ruggedcom ROX Integer Overflow or Wraparound (CVE-2021-38185)
GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is...
CLSA-2024-1712672449 Update of cpio
Fix integer overflow in dstring.c dsfgetstr that triggers an out-of-bounds heap write...
SUSE CVE-2023-7216
A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended directory, which allows files ...
PT-2023-8523 · Cpio · Cpio
Name of the Vulnerable Software and Affected Versions: cpio (affected versions not specified). Description: A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the...
cpio: improper input validation when writing tar header fields leads to unexpected tar generation
It was discovered that cpio does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths he did not have access to...