CVE-2005-1229: Directory traversal vulnerability in cpio 2.6 and earlier allows remote attackers to write to arbitrary directories via a .. (dot dot) in a cpio file.

medium4.6CVSS 3.1

AVLACLAuNCPIPAP

Directory traversal vulnerability in cpio 2.6 and earlier allows remote attackers to write to arbitrary directories via a .. (dot dot) in a cpio file.

Affected

6 ranges

Vendor	Product	Version range	Fixed in
debian	cpio	< cpio 2.6-6 (bookworm)	cpio 2.6-6 (bookworm)
gnu	cpio	<= 2.6	—
gnu	cpio	>= 0 < 2.6-6	2.6-6
gnu	cpio	>= 0 < 2.6-6	2.6-6
gnu	cpio	>= 0 < 2.6-6	2.6-6
gnu	cpio	>= 0 < 2.6-6	2.6-6

CVSS provenance

nvd4.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P

osv4.6MEDIUM