Every CVE whose affected-product data names Gnu Cpio, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2021-38185 — CVSS 7.8 (high): GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer…
CVE-2019-14866 — CVSS 7.3 (high): In all versions of cpio before 2.13 does not properly validate input files when generating TAR archives. When cpio is used to create TAR…
CVE-2010-4226 — CVSS 7.2 (high): cpio, as used in build 2007.05.10, 2010.07.28, and possibly other versions, allows remote attackers to overwrite arbitrary files via a…
CVE-2010-0624 — CVSS 6.8 (medium): Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio…
CVE-2016-2037 — CVSS 6.5 (medium): The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a…
CVE-2023-7216 — CVSS 5.3 (medium): A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into…
CVE-2014-9112 — CVSS 5.0 (medium): Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a…
CVE-2023-7207 — CVSS 4.9 (medium): Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a…
CVE-2005-1111 — CVSS 4.7 (medium): Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while…
CVE-2005-1229 — CVSS 4.6 (medium): Directory traversal vulnerability in cpio 2.6 and earlier allows remote attackers to write to arbitrary directories via a .. (dot dot) in a…
CVE-2005-4268 — CVSS 3.7 (low): Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a cpio archive, allows local users to cause a denial of service…
CVE-2015-1197 — CVSS 1.9 (low): cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in…