Vulnerability Description
Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Cpio | 2.13 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2024/01/05/1Mailing List
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059163Issue Tracking
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7207Third Party Advisory
- https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=376d663340a9dc91c91a5849e5Mailing ListPatch
- https://www.openwall.com/lists/oss-security/2023/12/21/8Mailing List
- http://www.openwall.com/lists/oss-security/2024/01/05/1Mailing List
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059163Issue Tracking
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7207Third Party Advisory
- https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=376d663340a9dc91c91a5849e5Mailing ListPatch
- https://www.openwall.com/lists/oss-security/2023/12/21/8Mailing List
FAQ
What is CVE-2023-7207?
CVE-2023-7207 is a vulnerability with a CVSS score of 4.9 (MEDIUM). Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provide...
How severe is CVE-2023-7207?
CVE-2023-7207 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-7207?
Check the references section above for vendor advisories and patch information. Affected products include: Gnu Cpio.