[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250053

 
 

909

 
 

195940

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2023-7207Date: (C)2024-02-29   (M)2024-04-26


Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames.

Reference:
http://www.openwall.com/lists/oss-security/2024/01/05/1
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059163
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7207
https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=376d663340a9dc91c91a5849e5713f07571c1628
https://www.openwall.com/lists/oss-security/2023/12/21/8

OVAL    7
oval:org.secpod.oval:def:3302213
oval:org.secpod.oval:def:3302315
oval:org.secpod.oval:def:89051413
oval:org.secpod.oval:def:89051410
...
XCCDF    1

© SecPod Technologies