Untriaged
Permalink
CVE-2023-7207
4.9 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): HIGH
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): NONE
- Availability impact (A): NONE
Debian's cpio contains a path traversal vulnerability. This issue was …
Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames.
References
- https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=376d663340a9dc91c91a5849e… patch
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059163 issue-tracking
- https://www.openwall.com/lists/oss-security/2023/12/21/8 mailing-list
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7207 issue-tracking
- http://www.openwall.com/lists/oss-security/2024/01/05/1
- https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=376d663340a9dc91c91a5849e… patch
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059163 issue-tracking
- https://www.openwall.com/lists/oss-security/2023/12/21/8 mailing-list
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7207 issue-tracking
- http://www.openwall.com/lists/oss-security/2024/01/05/1
- https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=376d663340a9dc91c91a5849e… patch x_transferred
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059163 issue-tracking x_transferred
- https://www.openwall.com/lists/oss-security/2023/12/21/8 mailing-list x_transferred
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7207 issue-tracking x_transferred
- http://www.openwall.com/lists/oss-security/2024/01/05/1 x_transferred
- https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=376d663340a9dc91c91a5849e… patch
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059163 issue-tracking
- https://www.openwall.com/lists/oss-security/2023/12/21/8 mailing-list
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7207 issue-tracking
- http://www.openwall.com/lists/oss-security/2024/01/05/1
- https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=376d663340a9dc91c91a5849e… patch x_transferred
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059163 issue-tracking x_transferred
- https://www.openwall.com/lists/oss-security/2023/12/21/8 mailing-list x_transferred
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7207 issue-tracking x_transferred
- http://www.openwall.com/lists/oss-security/2024/01/05/1 x_transferred
- https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=376d663340a9dc91c91a5849e… patch
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059163 issue-tracking
- https://www.openwall.com/lists/oss-security/2023/12/21/8 mailing-list
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7207 issue-tracking
- http://www.openwall.com/lists/oss-security/2024/01/05/1
- https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=376d663340a9dc91c91a5849e… patch x_transferred
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059163 issue-tracking x_transferred
- https://www.openwall.com/lists/oss-security/2023/12/21/8 mailing-list x_transferred
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7207 issue-tracking x_transferred
- http://www.openwall.com/lists/oss-security/2024/01/05/1 x_transferred
Affected products
cpio
- <2.14+dfsg-1
Matching in nixpkgs
pkgs.mkinitcpio-nfs-utils
ipconfig and nfsmount tools for root on NFS, ported from klibc
-
nixos-unstable -
- nixpkgs-unstable 0.3
Package maintainers
-
@jmbaur Jared Baur <jaredbaur@fastmail.com>