Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gnu cpio vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2010-0624
Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar prior to 1.23 and GNU cpio prior to 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending mor...
Gnu Tar 1.13.16
Gnu Tar 1.13.17
Gnu Tar 1.14.90
Gnu Tar 1.15
Gnu Tar 1.18
Gnu Tar 1.17
Gnu Cpio 2.5
Gnu Cpio 2.5.90
Gnu Tar 1.13.11
Gnu Tar 1.13.14
Gnu Tar 1.14
Gnu Tar 1.14.1
Gnu Tar 1.20
Gnu Tar 1.19
Gnu Cpio 1.3
Gnu Cpio 2.4-2
Gnu Tar
Gnu Cpio
Gnu Tar 1.13.18
Gnu Tar 1.13.19
Gnu Tar 1.15.1
Gnu Tar 1.15.90
1 Github repository
605
VMScore
CVE-2021-38185
GNU cpio up to and including 2.13 allows malicious users to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, ...
Gnu Cpio
1 Github repository
409
VMScore
CVE-2005-1229
Directory traversal vulnerability in cpio 2.6 and previous versions allows remote malicious users to write to arbitrary directories via a .. (dot dot) in a cpio file.
Gnu Cpio
230
VMScore
CVE-2015-1197
cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.
Gnu Cpio 2.11
1 Metasploit module
1 Article
329
VMScore
CVE-2005-4268
Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a cpio archive, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a file whose size is represented by more than 8 digits.
Gnu Cpio 2.6-8
445
VMScore
CVE-2014-9112
Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote malicious users to cause a denial of service via a large block value in a cpio archive.
Gnu Cpio 2.11
Debian Debian Linux 7.0
445
VMScore
CVE-2010-4226
cpio, as used in build 2007.05.10, 2010.07.28, and possibly other versions, allows remote malicious users to overwrite arbitrary files via a symlink within an RPM package archive.
Opensuse Opensuse 2010.07.28
Opensuse Opensuse 2007.05.10
Gnu Cpio
614
VMScore
CVE-2019-14866
In all versions of cpio prior to 2.13 does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths ...
Gnu Cpio
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 8.0
NA
CVE-2023-7216
A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated malicious user to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended directo...
Gnu Cpio -
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
329
VMScore
CVE-2005-1111
Race condition in cpio 2.6 and previous versions allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.
Gnu Cpio
Debian Debian Linux 3.1
Debian Debian Linux 3.0
Canonical Ubuntu Linux 4.10
Canonical Ubuntu Linux 5.04
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »