VULHUB ™

cpio is prone to a security vulnerability when unpacking .tar archives. The problem is in the handling of pathnames. By specifying a path for an archived item which points outside the expected directory scope, the creator of the archive can cause the file to be extracted to arbitrary locations on the filesystem. An attacker may take advantage of this vulnerability to cause malicious files to be placed anywhere on a target filesystem.

cpio is prone to a security vulnerability when unpacking .tar archives. The problem is in the handling of pathnames. By specifying a path for an archived item which points outside the expected directory scope, the creator of the archive can cause the file to be extracted to arbitrary locations on the filesystem. An attacker may take advantage of this vulnerability to cause malicious files to be placed anywhere on a target filesystem.