It was reported that cpio is vulnerable to a directory traversal
vulnerability when using the --no-absolute-filenames option. While
extracting an archive, it will extract symlinks and then follow them if
they are referenced in further entries. This can be exploited by a rogue
archive to write to files outside the current directory.

OSVersionArchitecturePackageVersionFilename
anyanyanycpio< 2.11-6UNKNOWN

OS	Version	Architecture	Package	Version	Filename
any	any	any	cpio	< 2.11-6	UNKNOWN

References

bugs.archlinux.org/task/44173

lists.gnu.org/archive/html/bug-cpio/2015-01/msg00000.html

web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1197

openvas 14

nessus 30

alpinelinux 1

securityvulns 2

ubuntucve 2

cve 3

nvd 3

cvelist 2

amazon 2

prion 2

debiancve 2

redhatcve 2

securelist 1

freebsd 2

thn 1

mageia 2

zdt 1

packetstorm 1

ubuntu 1

metasploit 1

gentoo 1

attackerkb 1

rapid7blog 1

openvas

Huawei EulerOS: Security Advisory for cpio (EulerOS-SA-2023-3237)

2023-12-12 00:00:00

Huawei EulerOS: Security Advisory for cpio (EulerOS-SA-2023-3491)

2023-12-22 00:00:00

Huawei EulerOS: Security Advisory for cpio (EulerOS-SA-2023-3202)

2023-11-10 00:00:00

nessus

Amazon Linux AMI : cpio (ALAS-2024-1925)

2024-03-05 00:00:00

EulerOS 2.0 SP11 : cpio (EulerOS-SA-2023-3237)

2024-01-16 00:00:00

EulerOS Virtualization 2.11.0 : cpio (EulerOS-SA-2024-1425)

2024-03-21 00:00:00

alpinelinux

CVE-2015-1197

2015-02-19 15:59:12

securityvulns

[ MDVSA-2015:066 ] cpio

2015-04-20 00:00:00

libarchive directory traversal

2015-04-20 00:00:00

ubuntucve

CVE-2015-1197

2015-02-19 00:00:00

CVE-2023-7207

2024-02-29 00:00:00

cve

CVE-2015-1197

2015-02-19 15:59:12

CVE-2023-7207

2024-02-29 01:42:59

CVE-2017-7516

2018-01-29 19:29:00

nvd

CVE-2015-1197

2015-02-19 15:59:12

CVE-2017-7516

2018-01-29 19:29:00

CVE-2023-7207

2024-02-29 01:42:59

cvelist

CVE-2015-1197

2015-02-19 00:00:00

CVE-2023-7207

2024-01-05 00:39:49

amazon

Important: cpio

2024-02-28 23:54:00

Important: cpio

2024-02-29 10:03:00

prion

Code injection

2015-02-19 15:59:00

Path traversal

2024-02-29 01:42:00

debiancve

CVE-2015-1197

2015-02-19 15:59:12

CVE-2023-7207

2024-02-29 01:42:59

redhatcve

CVE-2023-7207

2024-02-29 08:04:56

CVE-2017-7516

2018-01-29 12:50:11

securelist

Ongoing exploitation of CVE-2022-41352 (Zimbra 0-day)

2022-10-13 08:00:21

freebsd

cpio -- multiple vulnerabilities

2015-03-27 00:00:00

GNU cpio -- multiple vulnerabilities

2019-11-06 00:00:00

thn

Zimbra Releases Patch for Actively Exploited Vulnerability in its Collaboration Suite

2022-10-17 09:50:00

mageia

Updated cpio packages fix security vulnerabilities

2019-11-14 19:58:51

Updated cpio package fixes security vulnerability

2015-02-19 17:43:07

zdt

Zimbra Collaboration Suite TAR Path Traversal Exploit

2022-10-21 00:00:00

packetstorm

Zimbra Collaboration Suite TAR Path Traversal

2022-10-20 00:00:00

ubuntu

GNU cpio vulnerabilities

2016-02-22 00:00:00

metasploit

TAR Path Traversal in Zimbra (CVE-2022-41352)

2022-10-06 17:23:53

gentoo

GNU cpio: Multiple vulnerabilities

2015-02-15 00:00:00

attackerkb

CVE-2022-41352

2022-09-26 00:00:00

rapid7blog

Exploitation of Unpatched Zero-Day Remote Code Execution Vulnerability in Zimbra Collaboration Suite (CVE-2022-41352)

2022-10-06 17:13:34

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.0004 Low

EPSS

Percentile

9.9%

JSON

Related for ASA-201503-22