CVE-2019-14866
CVE-2019-14866 affects GNU cpio: all versions before 2.13 improperly validate input when generating TAR archives, enabling a local attacker to cause the resulting archives to contain files with unintended permissions or paths. Exploitation relies on archiving from paths, potentially enabling high-privilege ...
CVE-2010-4226
CVE-2010-4226 affects the cpio component as used by the build toolchain (e.g., in openSUSE/SUSE packaging). The vulnerability arises when a symlink within an RPM package archive can be followed to overwrite arbitrary files on the remote host. Reports in connected documents show remediation in the...