A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated malicious user to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended directory, which allows files to be written in arbitrary directories through symlinks.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gnu cpio - |
||
redhat enterprise linux 7.0 |
||
redhat enterprise linux 8.0 |
||
redhat enterprise linux 9.0 |