Debian Cpio vulnerabilities
2 known vulnerabilities affecting debian/debian_cpio.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
LOW2
Vulnerabilities
Page 1 of 1
CVE-2023-7207LOWCVSS 1.9fixed in 2.14+dfsg-12024-01-05
CVE-2023-7207 [LOW] CVE-2023-7207: Debian's cpio contains a path traversal vulnerability
Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames.
cvelistv5
CVE-2015-1197LOWCVSS 1.9PoCfixed in 2.14+dfsg-12015-02-19
CVE-2015-1197 [LOW] CVE-2015-1197: cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary f
cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.
nvd