Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-7207

Published: 29/02/2024 Updated: 29/02/2024

Vulnerability Summary

Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames.

Vulnerability Trend

Mailing Lists

Full Disclosure: Re: Security vulnerability in Debian's cpio 2.13
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Re: Security vulnerability in Debian's cpio 213 <!--X-Subject-Header-End--> <!--X-Head-of-Message--> From: Mark Esler &lt;m ...

References

https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=376d663340a9dc91c91a5849e5713f07571c1628https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059163https://www.openwall.com/lists/oss-security/2023/12/21/8https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7207http://www.openwall.com/lists/oss-security/2024/01/05/1https://nvd.nist.govhttps://seclists.org/oss-sec/2024/q1/11
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-3400deserializationCVE-2024-21788CVE-2023-42433CVE-2024-21841CVE-2024-22095local file inclusionmemory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook