cpio (SUSE:Linux Enterprise Server 12 SP5) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 12 SP5 package cpio, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (3)
CVE-2021-38185 — CVSS 7.8 (high): GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer…
CVE-2019-14866 — CVSS 7.3 (high): In all versions of cpio before 2.13 does not properly validate input files when generating TAR archives. When cpio is used to create TAR…
CVE-2023-7207 — CVSS 4.9 (medium): Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a…