Untriaged
CVE-2023-7216
8.8 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): REQUIRED
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
Cpio: extraction allows symlinks which enables remote command execution
A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended directory, which could be utilized to run arbitrary commands on the target system.
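A pre-extraction check for the pattern described above, as an added example that is not code from cpio or from this tracker: it reads a cpio archive in the `newc` format without writing anything to disk and reports members whose path or symlink target leaves the extraction root, or that would be written beneath a symlink the archive itself created. The function names and the sample archive are assumptions made for illustration; the check is deliberately conservative and flags every write through an in-archive symlink.

```python
import posixpath
import stat

def newc_entry(name, mode, data=b""):
    """Build one newc record; used only to construct the sample below."""
    n = name.encode() + b"\0"
    fields = [0, mode, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(n), 0]
    head = b"070701" + b"".join(b"%08X" % f for f in fields) + n
    head += b"\0" * (-len(head) % 4)
    return head + data + b"\0" * (-len(data) % 4)

def read_newc(blob):
    """Yield (name, mode, data) per member of a newc-format cpio archive."""
    pos = 0
    while pos + 110 <= len(blob):
        if blob[pos:pos + 6] != b"070701":
            raise ValueError("no newc magic at offset %d" % pos)
        f = [int(blob[pos + 6 + 8 * i:pos + 14 + 8 * i], 16) for i in range(13)]
        mode, size, name_end = f[1], f[6], pos + 110 + f[11]
        name = blob[pos + 110:name_end - 1].decode()
        if name == "TRAILER!!!":
            return
        start = name_end + (-name_end % 4)  # name is NUL-padded to 4 bytes
        yield name, mode, blob[start:start + size]
        pos = start + size + (-size % 4)    # so is the member data

def escapes(path):  # True if a normalised path points above the root
    return path.startswith("/") or path == ".." or path.startswith("../")

def audit(blob):
    """List members that would be written outside the extraction root."""
    links, findings = set(), []
    for name, mode, data in read_newc(blob):
        path = posixpath.normpath(name)
        if escapes(path):
            findings.append((name, "path leaves extraction root"))
        parents = [p for p in sorted(links) if path.startswith(p + "/")]
        findings += [(name, "written through symlink " + p) for p in parents]
        if stat.S_ISLNK(mode):  # a symlink's data is its target
            target = data.decode()
            links.add(path)
            if escapes(posixpath.normpath(posixpath.join(posixpath.dirname(path), target))):
                findings.append((name, "symlink target escapes root: " + target))
    return findings

# Constructed sample: a regular file, a symlink, and a file placed under it.
SAMPLE = (newc_entry("docs/readme.txt", 0o100644, b"hello\n")
          + newc_entry("link", 0o120777, b"../outside")
          + newc_entry("link/note.txt", 0o100644, b"x") + newc_entry("TRAILER!!!", 0))
```

An empty result from `audit()` means no member of the archive matched any of the three patterns; anything else is a reason to reject the archive before extraction.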
References
- https://access.redhat.com/security/cve/CVE-2023-7216 x_refsource_REDHAT vdb-entry
- RHBZ#2249901 issue-tracking x_refsource_REDHAT
Affected products
cpio
Matching in nixpkgs
pkgs.mkinitcpio-nfs-utils
ipconfig and nfsmount tools for root on NFS, ported from klibc
- nixos-unstable -
- nixpkgs-unstable 0.3
Package maintainers
- @jmbaur Jared Baur <jaredbaur@fastmail.com>