Vulnerabilities > GNU > Cpio > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-05 | CVE-2023-7216 | Path Traversal vulnerability in multiple products A path traversal vulnerability was found in the CPIO utility. | 5.3 |
| 2016-02-22 | CVE-2016-2037 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file. | 6.5 |
| 2005-05-02 | CVE-2005-1111 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete. | 4.7 |