CVE-2023-7207

CWE-22: Path Traversal | 8 documents | 8 sources
Severity: 4.9 MEDIUM
EPSS: 0.1% (top 81.05%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Feb 29
Latest update: Apr 29

Description

Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.2 | Impact: 3.6

Affected Packages (3 packages)

CVEListV5: debian/debian_cpio < 2.14+dfsg-1
Debian: cpio < 2.14+dfsg-1+1
NVD: gnu/cpio 2.13

Patches

🔴 Vulnerability Details (3)

GHSA: GHSA-x4gq-xcr8-xwp7: Debian's cpio contains a path traversal vulnerability (2024-02-29)
OSV: CVE-2023-7207: Debian's cpio contains a path traversal vulnerability (2024-02-29)
CVEList: CVE-2023-7207: Debian's cpio contains a path traversal vulnerability (2024-01-05)

📋 Vendor Advisories (4)

Ubuntu: GNU cpio vulnerabilities (2024-04-29)
Microsoft: Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provide (2024-01-09)
Red Hat: cpio: path traversal vulnerability (2024-01-04)
Debian: CVE-2023-7207: cpio - Debian's cpio contains a path traversal vulnerability. This issue was introduced... (2023)