Skip to main content

Cpio

4 CVEs product

Monthly

CVE-2021-38185 HIGH POC PATCH This Week

GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Integer Overflow RCE Cpio
NVD GitHub
CVSS 3.1
7.8
EPSS
4.2%
CVE-2016-2037 MEDIUM This Month

The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 19.4% and no vendor patch available.

Denial Of Service Buffer Overflow Cpio Debian Linux
NVD
CVSS 3.0
6.5
EPSS
19.4%
CVE-2015-1197 LOW POC Monitor

cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive. Rated low severity (CVSS 1.9). Public exploit code available and no vendor patch available.

Information Disclosure Cpio
NVD
CVSS 2.0
1.9
EPSS
3.4%
CVE-2014-9112 MEDIUM POC This Month

Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Cpio Debian Linux
NVD
CVSS 2.0
5.0
EPSS
1.3%
EPSS 4% CVSS 7.8
HIGH POC PATCH This Week

GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Integer Overflow RCE Cpio
NVD GitHub
EPSS 19% CVSS 6.5
MEDIUM This Month

The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 19.4% and no vendor patch available.

Denial Of Service Buffer Overflow Cpio +1
NVD
EPSS 3% CVSS 1.9
LOW POC Monitor

cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive. Rated low severity (CVSS 1.9). Public exploit code available and no vendor patch available.

Information Disclosure Cpio
NVD
EPSS 1% CVSS 5.0
MEDIUM POC This Month

Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Cpio +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy