26 matches found
EUVD-2021-0952
Malware in sbrugna...
GO-2022-0805 github.com/u-root/u-root/pkg/tarutil Arbitrary File Write via Archive Extraction (Zip Slip) in github.com/u-root/u-root
GO-2022-0793 Path traversal in u-root in github.com/u-root/u-root
Fedora: Security Advisory for golang-github-u-root-iscsinl (FEDORA-2022-37aef44d1e)
The remote host is missing an update for the...
[SECURITY] Fedora 36 Update: golang-github-u-root-iscsinl-0.1.0-5.fc36
Go iSCSI initiator netlink library...
Fedora: Security Advisory for golang-github-u-root-iscsinl (FEDORA-2022-3969b64d4b)
The remote host is missing an update for the...
[SECURITY] Fedora 35 Update: golang-github-u-root-iscsinl-0.1.0-4.fc35
Go iSCSI initiator netlink library...
Fedora: Security Advisory for golang-github-u-root-iscsinl (FEDORA-2022-fae3ecee19)
The remote host is missing an update for the...
[SECURITY] Fedora 36 Update: golang-github-u-root-iscsinl-0.1.0-4.fc36
Go iSCSI initiator netlink library...
GHSA-58PF-PCWV-QG85 Path traversal in u-root
This affects all versions of package github.com/u-root/u-root/pkg/uzip. It is vulnerable to both leading and non-leading relative path traversal attacks in zip file extraction...
Path traversal in u-root
This affects all versions of package github.com/u-root/u-root/pkg/uzip. It is vulnerable to both leading and non-leading relative path traversal attacks in zip file extraction...
github.com/u-root/u-root/pkg/tarutil Arbitrary File Write via Archive Extraction (Zip Slip)
This affects all versions up to and including version 0.7.0 of package github.com/u-root/u-root/pkg/tarutil. It is vulnerable to both leading and non-leading relative path traversal attacks in tar file extraction...
GHSA-75QF-WGFJ-V652 github.com/u-root/u-root/pkg/tarutil Arbitrary File Write via Archive Extraction (Zip Slip)
This affects all versions up to and including version 0.7.0 of package github.com/u-root/u-root/pkg/tarutil. It is vulnerable to both leading and non-leading relative path traversal attacks in tar file extraction...
Arbitrary File Write
github.com/u-root/u-root/pkg/tarutil is vulnerable to arbitrary file write. The vulnerability exists due to the incorrect usage of filepath.Join("/", path) when performing cpio file extraction...
Arbitrary File Write
github.com/u-root/u-root/pkg/cpio is susceptible to arbitrary file write. The vulnerability exists because it uses filepath.Join without properly handling the / character in the file path before performing cpio file extraction, so extracted files can land outside the destination directory...
CVE-2020-7666
This affects all versions of package github.com/u-root/u-root/pkg/cpio. It is vulnerable to leading, non-leading relative path traversal attacks and symlink based relative and absolute path traversal attacks in cpio file extraction...
CVE-2020-7665
This affects all versions of package github.com/u-root/u-root/pkg/uzip. It is vulnerable to both leading and non-leading relative path traversal attacks in zip file extraction...
Path traversal
This affects all versions of package github.com/u-root/u-root/pkg/cpio. It is vulnerable to leading, non-leading relative path traversal attacks and symlink based relative and absolute path traversal attacks in cpio file extraction...
CVE-2020-7669
CVE-2020-7669 affects the Go package github.com/u-root/u-root/pkg/tarutil, vulnerable to both leading and non-leading relative path traversal attacks during tar extraction (Zip Slip). The issue is present in versions prior to 0.7.0; the restoration of safe extraction is achieved by upgrading to n...
CVE-2020-7666
The CVE-2020-7666 entry concerns github.com/u-root/u-root/pkg/cpio, where the cpio extraction code is vulnerable to path traversal (leading and non-leading relative paths) and symlink-based traversal (relative and absolute) during archive extraction. Multiple sources describe this as Arbitrary Fi...