Описание
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-1197. Reason: This candidate is a duplicate of CVE-2015-1197. Notes: All CVE users should reference CVE-2015-1197 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | |
| devel | ignored | |
| esm-infra-legacy/trusty | ignored | |
| esm-infra/xenial | ignored | |
| precise/esm | ignored | |
| trusty | ignored | |
| trusty/esm | ignored | |
| upstream | needs-triage | |
| xenial | ignored |
Показывать по
Связанные уязвимости
[REJECTED CVE] A vulnerability was identified in the GNU cpio package where the --no-absolute-filenames option, intended to restrict extraction to the current directory, can be bypassed using crafted symlinks. During extraction, cpio will first create the symlink and then follow it for subsequent entries, allowing a malicious archive to write files outside the intended directory (e.g., /tmp/file). An attacker could exploit this by tricking a user, into extracting such an archive, potentially leading to arbitrary file creation, privilege escalation, or data corruption.
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-1197. Reason: This candidate is a duplicate of CVE-2015-1197. Notes: All CVE users should reference CVE-2015-1197 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.