CVE-2016-2037: The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file.

medium6.5CVSS 3.0

AVNACLPRNUIRSUCNINAH

The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file.

Affected

9 ranges

Vendor	Product	Version range	Fixed in
debian	cpio	< cpio 2.11+dfsg-5 (bookworm)	cpio 2.11+dfsg-5 (bookworm)
debian	debian_linux	—	—
debian	debian_linux	—	—
gnu	cpio	—	—
gnu	cpio	>= 0 < 2.11+dfsg-5	2.11+dfsg-5
gnu	cpio	>= 0 < 2.11+dfsg-5	2.11+dfsg-5
gnu	cpio	>= 0 < 2.11+dfsg-5	2.11+dfsg-5
gnu	cpio	>= 0 < 2.11+dfsg-5	2.11+dfsg-5
gnu	cpio	>= 0 < 2.11+dfsg-1ubuntu1.2	2.11+dfsg-1ubuntu1.2

CVSS provenance

nvdv3.06.5MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

osv6.5MEDIUM