4.9 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): HIGH
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): NONE
- Availability impact (A): NONE
Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames.
References
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059163 (issue-tracking)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7207 (issue-tracking)
- http://www.openwall.com/lists/oss-security/2024/01/05/1 (x_transferred)
Affected products
- <2.14+dfsg-1
Matching in nixpkgs
pkgs.cpio
Program to create or extract from cpio archives
pkgs.mkinitcpio-nfs-utils
ipconfig and nfsmount tools for root on NFS, ported from klibc
pkgs.emacsPackages.cpio-mode
None
Package maintainers
- @abbradar Nikolay Amiantov <ab@fmap.me>