Nixpkgs Security Tracker

Untriaged

Permalink CVE-2023-7216

8.8 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 6 months ago

Cpio: extraction allows symlinks which enables remote command execution

A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended directory, which could be utilized to run arbitrary commands on the target system.

References

https://access.redhat.com/security/cve/CVE-2023-7216 x_refsource_REDHAT vdb-entry
RHBZ#2249901 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-7216 x_refsource_REDHAT vdb-entry
RHBZ#2249901 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-7216 x_refsource_REDHAT vdb-entry
RHBZ#2249901 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-7216 x_refsource_REDHAT vdb-entry
RHBZ#2249901 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-7216 x_refsource_REDHAT vdb-entry
RHBZ#2249901 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-7216 x_refsource_REDHAT vdb-entry
RHBZ#2249901 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-7216 x_refsource_REDHAT vdb-entry
RHBZ#2249901 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-7216 x_refsource_REDHAT vdb-entry
RHBZ#2249901 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-7216 x_refsource_REDHAT vdb-entry
RHBZ#2249901 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-7216 x_refsource_REDHAT vdb-entry
RHBZ#2249901 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-7216 x_refsource_REDHAT vdb-entry
RHBZ#2249901 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-7216 x_refsource_REDHAT vdb-entry
RHBZ#2249901 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-7216 x_refsource_REDHAT vdb-entry
RHBZ#2249901 issue-tracking x_refsource_REDHAT
RHBZ#2249901 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-7216 x_refsource_REDHAT vdb-entry
https://access.redhat.com/security/cve/CVE-2023-7216 x_refsource_REDHAT vdb-entry
RHBZ#2249901 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-7216 x_refsource_REDHAT vdb-entry
RHBZ#2249901 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-7216 x_transferred x_refsource_REDHAT vdb-entry
RHBZ#2249901 issue-tracking x_refsource_REDHAT x_transferred
https://access.redhat.com/security/cve/CVE-2023-7216 x_refsource_REDHAT vdb-entry
RHBZ#2249901 issue-tracking x_refsource_REDHAT
RHBZ#2249901 issue-tracking x_refsource_REDHAT x_transferred
https://access.redhat.com/security/cve/CVE-2023-7216 x_transferred x_refsource_REDHAT vdb-entry
https://access.redhat.com/security/cve/CVE-2023-7216 x_refsource_REDHAT vdb-entry
RHBZ#2249901 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-7216 x_transferred x_refsource_REDHAT vdb-entry
RHBZ#2249901 issue-tracking x_refsource_REDHAT x_transferred
https://access.redhat.com/security/cve/CVE-2023-7216 x_refsource_REDHAT vdb-entry
RHBZ#2249901 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-7216 x_transferred x_refsource_REDHAT vdb-entry
RHBZ#2249901 issue-tracking x_refsource_REDHAT x_transferred
https://access.redhat.com/security/cve/CVE-2023-7216 x_refsource_REDHAT vdb-entry
RHBZ#2249901 issue-tracking x_refsource_REDHAT
RHBZ#2249901 issue-tracking x_refsource_REDHAT x_transferred
https://access.redhat.com/security/cve/CVE-2023-7216 x_transferred x_refsource_REDHAT vdb-entry
https://access.redhat.com/security/cve/CVE-2023-7216 x_refsource_REDHAT vdb-entry
RHBZ#2249901 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-7216 x_transferred x_refsource_REDHAT vdb-entry
RHBZ#2249901 issue-tracking x_refsource_REDHAT x_transferred
https://access.redhat.com/security/cve/CVE-2023-7216 x_refsource_REDHAT vdb-entry
RHBZ#2249901 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-7216 x_transferred x_refsource_REDHAT vdb-entry
RHBZ#2249901 issue-tracking x_refsource_REDHAT x_transferred
https://access.redhat.com/security/cve/CVE-2023-7216 x_refsource_REDHAT vdb-entry
RHBZ#2249901 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-7216 x_transferred x_refsource_REDHAT vdb-entry
RHBZ#2249901 issue-tracking x_refsource_REDHAT x_transferred
https://access.redhat.com/security/cve/CVE-2023-7216 x_refsource_REDHAT vdb-entry
RHBZ#2249901 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-7216 x_transferred x_refsource_REDHAT vdb-entry
RHBZ#2249901 issue-tracking x_refsource_REDHAT x_transferred
https://access.redhat.com/security/cve/CVE-2023-7216 x_refsource_REDHAT vdb-entry
RHBZ#2249901 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-7216 x_transferred x_refsource_REDHAT vdb-entry
RHBZ#2249901 issue-tracking x_refsource_REDHAT x_transferred
https://access.redhat.com/security/cve/CVE-2023-7216 x_refsource_REDHAT vdb-entry
RHBZ#2249901 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-7216 x_transferred x_refsource_REDHAT vdb-entry
RHBZ#2249901 issue-tracking x_refsource_REDHAT x_transferred
https://access.redhat.com/security/cve/CVE-2023-7216 x_refsource_REDHAT vdb-entry
RHBZ#2249901 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-7216 x_transferred x_refsource_REDHAT vdb-entry
RHBZ#2249901 issue-tracking x_refsource_REDHAT x_transferred
https://access.redhat.com/security/cve/CVE-2023-7216 x_refsource_REDHAT vdb-entry
RHBZ#2249901 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-7216 x_transferred x_refsource_REDHAT vdb-entry
RHBZ#2249901 issue-tracking x_refsource_REDHAT x_transferred
https://access.redhat.com/security/cve/CVE-2023-7216 x_refsource_REDHAT vdb-entry
RHBZ#2249901 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-7216 x_transferred x_refsource_REDHAT vdb-entry
RHBZ#2249901 issue-tracking x_refsource_REDHAT x_transferred

Affected products

cpio

Matching in nixpkgs

pkgs.cpio

Program to create or extract from cpio archives

nixos-unstable -
- nixpkgs-unstable 2.15

pkgs._3cpio

Manage initrd cpio archives

nixos-unstable -
- nixpkgs-unstable 0.11.0

pkgs.mkinitcpio-nfs-utils

ipconfig and nfsmount tools for root on NFS, ported from klibc

nixos-unstable -
- nixpkgs-unstable 0.3

Package maintainers

@jmbaur Jared Baur <jaredbaur@fastmail.com>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.cpio

pkgs._3cpio

pkgs.mkinitcpio-nfs-utils

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.cpio

pkgs._3cpio

pkgs.mkinitcpio-nfs-utils

Package maintainers