GNU cpio 2.8

CPE Details

GNU cpio 2.8
gnu
cpio
2.8
2020-01-10
16h19 +00:00
2020-01-10
16h19 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:gnu:cpio:2.8:*:*:*:*:*:*:*

Informations

Vendor

gnu

Product

cpio

Version

2.8

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-38185 2021-08-06 22h00 +00:00 GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is untrusted data.
7.8
High
CVE-2019-14866 2020-01-07 16h53 +00:00 In all versions of cpio before 2.13 does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths he did not have access to. Extracting those archives from a high-privilege user without carefully reviewing them may lead to the compromise of the system.
7.3
High
CVE-2010-4226 2014-02-06 15h00 +00:00 cpio, as used in build 2007.05.10, 2010.07.28, and possibly other versions, allows remote attackers to overwrite arbitrary files via a symlink within an RPM package archive.
5
CVE-2010-0624 2010-03-12 19h00 +00:00 Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character.
6.8