Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Path Traversal
Libarchive
Ubuntu Linux
Opensuse
NVD
GitHub
CVSS 2.0
6.4
EPSS
3.5%