CVE-2019-14866

Published: 07/01/2020 Updated: 04/06/2023
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
CVSS v3 Base Score: 7.3 | Impact Score: 5.9 | Exploitability Score: 1.3
VMScore: 614
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

cpio, in all versions prior to 2.13, does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths he did not have access to. Extracting those archives as a high-privilege user without carefully reviewing them may lead to the compromise of the system.

Vulnerable Product

gnu cpio

redhat enterprise linux 7.0

redhat enterprise linux 8.0

Vendor Advisories

GNU cpio could be used for privilege escalation if it received a specially crafted input ...
Synopsis Moderate: cpio security update Type/Severity Security Advisory: Moderate Topic An update for cpio is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gi ...
Synopsis Low: OpenShift Container Platform 4340 security and bug fix update Type/Severity Security Advisory: Low Topic An update is now available for Red Hat OpenShift Container Platform 43. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring S ...
Synopsis Moderate: security update - Red Hat Ansible Tower 36 runner release (CVE-2019-18874) Type/Severity Security Advisory: Moderate Topic Red Hat Ansible Tower 36 runner release (CVE-2019-18874) Description Updated python-psutil version to 566 inside ansible-runner container(CVE-20 ...
Synopsis Moderate: OpenShift Container Platform 4654 extras and security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 4654 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 46Re ...
Synopsis Moderate: security update - Red Hat Ansible Tower 37 runner release (CVE-2019-18874) Type/Severity Security Advisory: Moderate Topic Red Hat Ansible Tower 37 runner release (CVE-2019-18874) Description Updated python-psutil version to 566 inside ansible-runner container (CVE-2 ...
It was discovered cpio does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths he did not have access to. Extracting those archives from a high-privilege user witho ...