34 matches found
Astra Linux - cpio vulnerability
In GNU Cpio from version 2.13 onwards, attackers can execute arbitrary code by using a crafted pattern file. This occurs due to a dstring.c ds_fgetstr integer overflow, which triggers an out-of-bounds heap write. NOTE: It is unclear whether there are common cases where the pattern file, associated...
CVE-2026-28801 Natro Macro: Code Injection through Pattern/Path files
Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, any AHK code contained inside a pattern or path file is executed by the macro. Since users commonly share path/pattern files, an attacker could share a file containing malicious code, which i...
Siemens Ruggedcom ROX Integer Overflow or Wraparound (CVE-2021-38185)
GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is...
EUVD-2025-28078
Malicious code in bioql PyPI...
CVE-2025-47149
The optional feature 'Anti-Virus & Sandbox' of i-FILTER contains an issue with improper pattern file validation. If exploited, the product may treat an unauthorized pattern file as an authorized one. If the product uses a specially crafted pattern file, information in the server where the product is...
JVN#68079883: Improper pattern file validation in i-FILTER optional feature 'Anti-Virus & Sandbox'
The optional feature 'Anti-Virus & Sandbox' of i-FILTER provided by Digital Arts Inc. validates pattern files improperly. Improper pattern file validation (CWE-348). CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Base Score 6.9; CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Base Score...
cpio: Arbitrary Code Execution
Background: cpio is a file archival tool which can also read and write tar files. Description: Multiple vulnerabilities have been discovered in cpio. Please review the CVE identifiers referenced below for details. Impact: GNU cpio allows attackers to execute arbitrary code via a crafted pattern file...
CentOS 9 : cpio-2.13-16.el9
The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the cpio-2.13-16.el9 build changelog. - GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that...
NewStart CGSL MAIN 6.06 : cpio Vulnerability (NS-SA-2023-0088)
The remote NewStart CGSL host, running version MAIN 6.06, has cpio packages installed that are affected by a vulnerability: - GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-boun...
Medium: cpio
Issue Overview: GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the ...
SUSE CVE-2021-38185
GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is...
AlmaLinux 8 : cpio (ALSA-2022:1991)
The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2022:1991 advisory. - GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an...
RHEL 8 : cpio (RHSA-2022:1991)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:1991 advisory. The cpio packages provide the GNU cpio utility for creating and extracting archives, or copying files from one place to another. Security Fixes: cpio...
cpio: integer overflow in ds_fgetstr() in dstring.c can lead to an out-of-bounds write via a crafted pattern file
A flaw was found in cpio. An integer overflow that triggers an out-of-bounds heap write can allow an attacker to execute arbitrary code via a crafted pattern file. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
CentOS 8 : cpio (CESA-2022:1991)
The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2022:1991 advisory. - cpio: integer overflow in ds_fgetstr in dstring.c can lead to an out-of-bounds write via a crafted pattern file (CVE-2021-38185) Note that Nessus has not tested...
EulerOS Virtualization 3.0.6.6 : cpio (EulerOS-SA-2022-1114)
According to the versions of the cpio package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via...
EulerOS 2.0 SP9 : cpio (EulerOS-SA-2021-2681)
According to the versions of the cpio package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that...
Updated cpio packages fix security vulnerability
GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. CVE-2021-38185...
OESA-2021-1325 cpio security update
GNU cpio copies files into or out of a cpio or tar archive. The archive can be another file on the disk, a magnetic tape, or a pipe. Security Fixes: GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that...