CVE-2023-7216

Опубликовано: 05 фев. 2024

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS3: 5.3

Описание

A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended directory, which allows files to be written in arbitrary directories through symlinks.

Релиз	Статус	Примечание
bionic	ignored	end of standard support
devel	deferred
esm-infra-legacy/trusty	deferred
esm-infra/bionic	deferred
esm-infra/focal	deferred
esm-infra/xenial	deferred
focal	ignored	end of standard support, was deferred
jammy	deferred
mantic	ignored	end of life, was deferred [2024-09-09]
noble	deferred

Показывать по

Ссылки на источники

EPSS

Процентиль: 39%

0.00178

Низкий

5.3 Medium

CVSS3

Связанные уязвимости

CVE-2023-7216

CVSS3: 5.3

redhat

около 2 лет назад

CVE-2023-7216

CVSS3: 5.3

nvd

около 2 лет назад

CVE-2023-7216

CVSS3: 5.3

debian

около 2 лет назад

A path traversal vulnerability was found in the CPIO utility. This iss ...

GHSA-v9vx-4mxw-76j2

CVSS3: 8.8

github

около 2 лет назад

A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended directory, which could be utilized to run arbitrary commands on the target system.

BDU:2024-01091

CVSS3: 8.8

fstec

около 2 лет назад

Уязвимость утилиты архивирования cpio операционных систем Red Hat Enterprise Linux, позволяющая нарушителю выполнить произвольные команды

EPSS

Процентиль: 39%

0.00178

Низкий

5.3 Medium

CVSS3

CVE-2023-7216

Описание

Пакет cpio

Ссылки на источники

Связанные уязвимости