962 matches found
Zimbra Collaboration - Unrestricted File Upload
An issue was discovered in Zimbra Collaboration ZCS 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole extraction to /opt/zimbra/jetty/webapps/zimbra/public that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also,...
CLSA-2026-1777538340 Update of cpio
Fix integer overflow in dstring.c ds_fgetstr that triggers an out-of-bounds heap write...
Astra Linux - vulnerability in cpio
The vulnerability of the from_ascii function in the copyin.c component of the Cpio compression utility is related to buffer overflows in the stack. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause service failures...
Astra Linux - vulnerability in cpio
The vulnerability of the read_name_from_file function in the Cpio archiving utility is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker to gain access to confidential data and also cause service interruptions...
Astra Linux - vulnerability in klibc
An issue was discovered in klibc before version 2.0.9. Multiple potential integer overflows in the cpio command on 32-bit systems could lead to a buffer overflow or other security issues...
Astra Linux - vulnerability in cpio
The vulnerability of the parse_opt function in the Cpio archiver utility is related to integer overflow. Exploiting this vulnerability allows an attacker to cause a service failure...
Astra Linux - vulnerability in cpio
In GNU Cpio from version 2.13 onwards, attackers can execute arbitrary code by using a crafted pattern file. This occurs due to a dstring.c ds_fgetstr integer overflow, which triggers an out-of-bounds heap write. NOTE: It is unclear whether there are common cases where the pattern file, associated...
Astra Linux - vulnerability in cpio
Debian’s cpio package contains a path traversal vulnerability. This issue was introduced by reverting the CVE-2015-1197 patches, which caused a regression in the --no-absolute-filenames option. Upstream has since provided a proper fix for this issue...
Astra Linux - vulnerability in cpio
The vulnerability of the Cpio archiving utility is related to integer overflow. Exploiting this vulnerability allows an attacker to cause a service failure...
Astra Linux - vulnerability in klibc
An issue was discovered in klibc before version 2.0.9. An integer overflow in the cpio command may lead to a NULL pointer dereferencing on 64-bit systems...
Astra Linux - vulnerability in cpio
The vulnerability of the parser_parse_opt function in the Cpio archiver utility is related to an incorrect bit shifting of an integer value. Exploiting this vulnerability allows an attacker to cause a service failure...
CLSA-2026-1777368104 Fix CVE(s): CVE-2023-39810
SECURITY UPDATE: directory traversal in cpio extraction - debian/patches/CVE-2023-39810.patch: add FEATURE_PATH_TRAVERSAL_PROTECTION config option, call strip_unsafe_prefix in data_extract_all.c to prevent path traversal via ../ in archive filenames. Covers cpio, ar, rpm. - Enable...
[SECURITY] Fedora 44 Update: libarchive-3.8.7-1.fc44
Libarchive is a programming library that can create and read several different streaming archive formats, including most popular tar variants, several cpio formats, and both BSD and GNU ar variants. It can also write shar archives and read ISO9660 CDROM images and ZIP archives...
[SECURITY] Fedora 44 Update: libarchive-3.8.6-1.fc44
Libarchive is a programming library that can create and read several different streaming archive formats, including most popular tar variants, several cpio formats, and both BSD and GNU ar variants. It can also write shar archives and read ISO9660 CDROM images and ZIP archives...
[slackware-security] libarchive
New libarchive packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libarchive-3.8.7-i586-1slack15.0.txz: Upgraded. Libarchive 3.8.7 is a security and bugfix release. Notable fixes: CAB: fix NULL...
Important: libarchive security update
The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file...
SUSE-SU-2026:20592-1 Security update for 7zip
This update for 7zip fixes the following issues: - Update to 25.01 (boo#1249130). The code for handling symbolic links has been changed to provide greater security when extracting files from archives. Command line switch -snld20 can be used to bypass default security checks when creating symbolic link...
Siemens SCALANCE and RUGGEDCOM Improper Input Validation (CVE-2023-39810)
An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the ExpandApk function. An attacker can cause excessive resource consumption by providing a specially crafted, highly-compressed .apk stream that decompresses into a large tar...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the ExpandApk function. An attacker can cause excessive resource consumption by providing a specially crafted, highly-compressed .apk stream that decompresses into a large tar...