Published: 15/03/2015 Updated: 07/11/2023

CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10

VMScore: 570

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and previous versions allows remote malicious users to write to arbitrary files via a full pathname in an archive.

Vulnerable Product	Search on Vulmon	Subscribe to Product
libarchive libarchive
canonical ubuntu linux 12.04
canonical ubuntu linux 14.10
canonical ubuntu linux 14.04
opensuse opensuse 13.1
opensuse opensuse 13.2

libarchive could be made to crash or overwrite files ...

Alexander Cherepanov discovered that bsdcpio, an implementation of the cpio program part of the libarchive project, is susceptible to a directory traversal vulnerability via absolute paths For the stable distribution (wheezy), this problem has been fixed in version 304-3+wheezy1 For the upcoming stable distribution (jessie), this problem has be ...

Absolute path traversal vulnerability in bsdcpio in libarchive 312 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive ...

CWE-22 http://www.openwall.com/lists/oss-security/2015/01/07/5 https://github.com/libarchive/libarchive/pull/110 https://github.com/libarchive/libarchive/commit/59357157706d47c365b2227739e17daba3607526 http://www.debian.org/security/2015/dsa-3180 http://www.openwall.com/lists/oss-security/2015/01/16/7 http://lists.opensuse.org/opensuse-updates/2015-03/msg00065.html http://www.ubuntu.com/usn/USN-2549-1 http://advisories.mageia.org/MGASA-2015-0106.html http://www.mandriva.com/security/advisories?name=MDVSA-2015:157 https://www.freebsd.org/security/advisories/FreeBSD-SA-16:22.libarchive.asc http://www.securitytracker.com/id/1035996 https://security.gentoo.org/glsa/201701-03 https://groups.google.com/forum/#%21msg/libarchive-discuss/dN9y1VvE1Qk/Z9uerigjQn0J https://usn.ubuntu.com/2549-1/https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2015-2304

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2015-2304

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect