12 matches found
CVE-2019-14866
CVE-2019-14866 affects GNU cpio: all versions before 2.13 improperly validate input when generating TAR archives, enabling a local attacker to produce files with unintended permissions or paths when creating archives. Exploitation relies on archiving from paths, potentially enabling high-privilege ...
CVE-2021-38185
CVE-2021-38185 affects GNU cpio up to version 2.13. The issue is an integer overflow in ds_fgetstr() (dstring.c) that can trigger an out-of-bounds heap write via a crafted pattern file, potentially enabling arbitrary code execution. Public advisories from multiple vendors confirm patched releases...
CVE-2015-1197
The CVE-2015-1197 issue affects cpio 2.11, where using --no-absolute-filenames enables a local user to write to arbitrary files via a symlink attack on an archive entry (path traversal). Connected sources confirm this vulnerability and describe upstream fixes to --no-absolute-filenames in later c...
CVE-2023-7216
CVE-2023-7216 describes a path-traversal vulnerability in the CPIO utility where, during extraction of a crafted archive, a remote, unauthenticated attacker could cause the archiver to follow symlinks outside the target directory, enabling files to be written in arbitrary locations. Multiple sour...
CVE-2010-4226
CVE-2010-4226 affects the cpio component as used by the build toolchain (e.g., in openSUSE/SUSE packaging). The vulnerability arises when a symlink within an RPM package archive can be followed to overwrite arbitrary files on the remote host. Reports in connected documents show remediation in the...
CVE-2014-9112
CVE-2014-9112 affects GNU cpio (2.11) via a heap-based buffer overflow in process_copy_in triggered by crafted archives. IBM notes potential remote code execution or elevated-privilege crash on PowerKVM systems; Debian/Red Hat/Fedora advisories confirm fixes in respective package updates (e.g., D...
CVE-2016-2037
CVE-2016-2037 affects the cpio utility (cpio 2.11) via the cpio_safer_name_suffix function in util.c, enabling an attacker to cause an out-of-bounds write through a crafted cpio file, resulting in a denial of service. Related entries note additional issues (e.g., CVE-2021-38185) in GNU cpio, incl...
CVE-2010-0624
CVE-2010-0624 describes a heap-based buffer overflow in the rmt_read__ function of lib/rtapelib.c within the rmt client of GNU tar (before 1.23) and GNU cpio (before 2.11). A remote rmt server sending more data than requested (in archives whose filenames contain a colon) can cause memory corrupti...
CVE-2005-4268
CVE-2005-4268 is a buffer overflow vulnerability in GNU cpio, reported on 64-bit platforms when creating archives. The issue arises from handling a file size represented by more than 8 digits, enabling a local user to crash the cpio process and potentially gain code execution. Public details acro...
CVE-2023-7207
CVE-2023-7207 affects Debian/Ubuntu CPIO and is caused by reverting patches to --no-absolute-filenames that reintroduced a path-traversal weakness. Upstream has provided a proper fix to --no-absolute-filenames. Evidence in connected advisories confirms the issue as a cpio path traversal vulnerabi...
CVE-2005-1229
CPIO (GNU cpio) prior to version 2.6 is affected by CVE-2005-1229, a directory-traversal flaw that lets an attacker write to arbitrary directories during extraction via a .. path in an archive. The root cause is that cpio does not sanitise extracted paths (even with --no-absolute-filenames). Cons...
CVE-2005-1111
Summary (CVE-2005-1111 family): The cpio utility (2.6 and earlier) is affected by a local race condition when extracting or creating files, allowing a local attacker with write access to the target directory to modify the permissions of files being created or extracted. Related issues include im...