94 matches found
CVE-2021-38185
GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is...
PT-2021-4457 · Gnu +10 · Gnu Cpio +10
Name of the Vulnerable Software and Affected Versions: GNU cpio versions 2.13 and earlier Description: The issue is caused by an integer overflow in the dstring.c component of the GNU cpio package, specifically in the ds fgetstr function. This overflow triggers an out-of-bounds heap write, allowi...
Security Bulletin: IBM Bootable Media Creator (BoMC) is affected by a vulnerability in GNU cpio (CVE-2019-14866)
Summary IBM Bootable Media Creator BoMC has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-14866 DESCRIPTION: GNU cpio could allow a local authenticated attacker to gain elevated privileges on the system, caused by the failure to properly validate input files when...
Moderate: Red Hat Security Advisory: cpio security update
An update for cpio is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...
Moderate: cpio security update
The cpio packages provide the GNU cpio utility for creating and extracting archives, or copying files from one place to another. Security Fixes: cpio: improper input validation when writing tar header fields leads to unexpected tar generation CVE-2019-14866 For more details about the security...
Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2019-20386 DESCRIPTION: systemd is vulnerable to a denial of service, caused by a memory leak in the buttonopen function in...
Moderate: Red Hat Security Advisory: cpio security update
An update for cpio is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...
FreeBSD : GNU cpio -- multiple vulnerabilities (f59af308-07f3-11ea-8c56-f8b156b6dcc8)
Sergey Poznyakoff reports : This stable release fixes several potential vulnerabilities CVE-2015-1197: cpio, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive. CVE-2016-2037: The cpiosafernamesuffix function ...
USN-4176-1: GNU cpio vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Thomas Habets discovered that GNU cpio incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information. CVEs contained in this USN...
Ubuntu 16.04 LTS / 18.04 LTS : GNU cpio vulnerability (USN-4176-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4176-1 advisory. Thomas Habets discovered that GNU cpio incorrectly handled certain inputs. An attacker could possibly use this issue to privilege escalation. Tenable...
USN-4176-1: GNU cpio vulnerability
Thomas Habets discovered that GNU cpio incorrectly handled certain inputs. An attacker could possibly use this issue to privilege escalation...
Security Bulletin: Vulnerability in cpio affects PowerKVM (CVE-2014-9112)
Summary A vulnerability in GNU cpio CVE-2014-9112 affects PowerKVM. Vulnerability Details CVEID: CVE-2014-9112 DESCRIPTION: GNU cpio is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the processcopyin function. By persuading a victim to extract a specially-craft...
Ubuntu 14.04 LTS : GNU cpio vulnerabilities (USN-2906-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2906-1 advisory. Alexander Cherepanov discovered that GNU cpio incorrectly handled symbolic links when used with the --no- absolute-filenames option. If a user or automat...
USN-2906-1: GNU cpio vulnerabilities
Alexander Cherepanov discovered that GNU cpio incorrectly handled symbolic links when used with the --no-absolute-filenames option. If a user or automated system were tricked into extracting a specially-crafted cpio archive, a remote attacker could possibly use this issue to write arbitrary files...
Gentoo Security Advisory GLSA 201502-11
Gentoo Linux Local Security Checks GLSA 201502-11 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...
cpio -- multiple vulnerabilities
From the Debian Security Team: Heap-based buffer overflow in the processcopyin function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive. cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitra...
MGASA-2015-0080 Updated cpio package fixes security vulnerability
In GNU Cpio 2.11, the --no-absolute-filenames option limits extracting contents of an archive to be strictly inside a current directory. However, it can be bypassed with symlinks. While extracting an archive, it will extract symlinks and then follow them if they are referenced in further entries...
Updated cpio package fixes security vulnerability
In GNU Cpio 2.11, the --no-absolute-filenames option limits extracting contents of an archive to be strictly inside a current directory. However, it can be bypassed with symlinks. While extracting an archive, it will extract symlinks and then follow them if they are referenced in further entries...
GLSA-201502-11 : GNU cpio: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201502-11 GNU cpio: Multiple vulnerabilities Two vulnerabilities have been discovered in GNU cpio: The listfile function in GNU cpio contains a heap-based buffer overflow vulnerability CVE-2014-9112 A directory traversal...
GNU cpio: Multiple vulnerabilities
Background GNU cpio copies files into or out of a cpio or tar archive. Description Two vulnerabilities have been discovered in GNU cpio: The listfile function in GNU cpio contains a heap-based buffer overflow vulnerability CVE-2014-9112 A directory traversal vulnerability has been found in GNU cp...