26 matches found
CVE-2020-7666 Arbitrary File Write via Archive Extraction (Zip Slip)
This affects all versions of package github.com/u-root/u-root/pkg/cpio. It is vulnerable to leading, non-leading relative path traversal attacks and symlink based relative and absolute path traversal attacks in cpio file extraction...
CVE-2020-7665
CVE-2020-7665 affects all versions of github.com/u-root/u-root/pkg/uzip. The connected sources describe a path traversal (Zip Slip) flaw in zip extraction that can lead to arbitrary file writes outside the target directory. Practical impact stated: risk of writing files outside the intended locat...
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview github.com/u-root/u-root/pkg/uzip is a package that provides Go versions of standard Linux tools and bootloaders. It also provides tools for compiling Go programs in a single binary and creating initramfs images. Affected versions of this package are vulnerable to Arbitrary File Write vi...
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview github.com/u-root/u-root/pkg/cpio is a package that provides Go versions of standard Linux tools and bootloaders. It also provides tools for compiling Go programs in a single binary and creating initramfs images. Affected versions of this package are vulnerable to Arbitrary File Write vi...
PT-2020-19693 · U Root · U-Root
Name of the Vulnerable Software and Affected Versions: u-root versions affected versions not specified Description: The issue concerns path traversal attacks, specifically both leading and non-leading relative path traversal, in zip file extraction. This affects the u-root package, particularly i...
PT-2020-19694 · U Root · U-Root
Name of the Vulnerable Software and Affected Versions: u-root versions prior to 7.0.0 Description: The issue affects the cpio file extraction in the u-root package, making it vulnerable to leading and non-leading relative path traversal attacks, as well as symlink-based path traversal attacks, bo...