Alexander Cherepanov discovered that bsdcpio, an implementation of the "cpio" program part of the libarchive12 project, is susceptible to a directory traversal vulnerability via absolute paths.