53 matches found
Astra Linux - vulnerability in cpio
Debian’s cpio package contains a path traversal vulnerability. This issue was introduced by reverting the CVE-2015-1197 patches, which caused a regression in the --no-absolute-filenames option. Upstream has since provided a proper fix for this issue...
Astra Linux - vulnerability in cpio
In GNU Cpio from version 2.13 onwards, attackers can execute arbitrary code by using a crafted pattern file. This occurs due to a dstring.c dsfgetstr integer overflow, which triggers an out-of-bounds heap write. NOTE: It is unclear whether there are common cases where the pattern file, associated...
MiracleLinux 7 : cpio-2.11-28.el7 (AXSA:2020-579:01)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-579:01 advisory. CVE-2019-14866: In all versions of cpio before 2.13, cpio does not properly validate input files when generating TAR archives. When cpio is used to create TAR archiv...
EulerOS 2.0 SP11 : busybox (EulerOS-SA-2025-2220)
According to the versions of the busybox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal. CVE-2023-39810 Tenable has extracted the precedi...
EUVD-2010-4200
Malware in sbrugna...
EUVD-2019-5982
Malware in sbrugna...
EUVD-2005-1232
Malware in sbrugna...
EUVD-2005-4263
Malware in sbrugna...
EUVD-2023-59388
Malicious code in bioql PyPI...
Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames.
...
OESA-2025-1886 busybox security update
BusyBox combines tiny versions of many common UNIX utilities into a single small executable. It provides replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc. It provides a fairly complete environment for any small or embedded system. Security Fixes: An issue ...
NewStart CGSL MAIN 7.02 : cpio Vulnerability (NS-SA-2025-0164)
The remote NewStart CGSL host, running version MAIN 7.02, has cpio packages installed that are affected by a vulnerability: - cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive. CVE-2015-1197 Note...
TencentOS Server 3: cpio (TSSA-2022:0199)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0199 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
A vulnerability in the cpio binary archiver stems from improper limitation of a pathname to a restricted directory, allowing an attacker to cause a denial of service.
The vulnerability in the cpio binary archiver is related to a regression when the --no-absolute-filenames parameter is used. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
ROS-20240902-07
A vulnerability in the cpio binary archiver is related to a regression when using the command-line parameter --no-absolute-filenames. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service...
Important: cpio
Issue Overview: cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive. CVE-2015-1197 Affected Packages: cpio Issue Correction: Run dnf update cpio --releasever 2023.3.20240304 or dnf update --advisory...
Important: cpio
Issue Overview: cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive. CVE-2015-1197 Affected Packages: cpio Issue Correction: Run dnf update cpio --releasever 2023.3.20240304 to update your system. Ne...
Important: cpio
Issue Overview: cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive. CVE-2015-1197 Affected Packages: cpio Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ...
A vulnerability in the cpio archiving utility in Red Hat Enterprise Linux operating systems allows an attacker to execute arbitrary commands.
The vulnerability in the cpio archiving utility in Red Hat Enterprise Linux operating systems is related to improper link resolution before file access. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
CPIO Security Vulnerabilities
cpio is a file backup program for UNIX-like systems. A security vulnerability exists in CPIO. An attacker could exploit the vulnerability to access files and directories stored outside of the web root folder...