cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-38185,https://securityvulnerability.io/vulnerability/CVE-2021-38185,Integer Overflow Vulnerability in GNU cpio Affects Arbitrary Code Execution,"The GNU cpio product version 2.13 is vulnerable to an integer overflow that allows attackers to execute arbitrary code via a specially crafted pattern file. The issue stems from the ds_fgetstr function within the dstring.c file, which can lead to an out-of-bounds write in the heap memory, potentially compromising the security of the system. It remains unclear whether the pattern file is always considered untrusted data, opening avenues for exploitation under certain conditions.",Gnu,Cpio,7.8,HIGH,0.0019600000232458115,false,,false,false,true,2021-07-19T20:10:13.000Z,true,false,false,,2021-08-08T00:15:00.000Z,0
CVE-2016-2037,https://securityvulnerability.io/vulnerability/CVE-2016-2037,,The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file.,Gnu,Cpio,6.5,MEDIUM,0.030820000916719437,false,,false,false,false,,,false,false,,2016-02-22T15:05:00.000Z,0
CVE-2015-1197,https://securityvulnerability.io/vulnerability/CVE-2015-1197,,"cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.",Gnu,Cpio,,,0.0004600000102072954,false,,false,false,false,,,false,false,,2015-02-19T00:00:00.000Z,0
CVE-2014-9112,https://securityvulnerability.io/vulnerability/CVE-2014-9112,,Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive.,Gnu,Cpio,,,0.014700000174343586,false,,false,false,false,,,false,false,,2014-12-02T16:00:00.000Z,0
CVE-2010-0624,https://securityvulnerability.io/vulnerability/CVE-2010-0624,,"Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character.",Gnu,"Tar,Cpio",,,0.017899999395012856,false,,false,false,false,,,false,false,,2010-03-15T13:28:00.000Z,0
CVE-2005-4268,https://securityvulnerability.io/vulnerability/CVE-2005-4268,,"Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a cpio archive, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a file whose size is represented by more than 8 digits.",Gnu,Cpio,,,0.006539999973028898,false,,false,false,false,,,false,false,,2005-12-15T18:08:00.000Z,0
CVE-2005-1111,https://securityvulnerability.io/vulnerability/CVE-2005-1111,,"Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.",Gnu,Cpio,4.7,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2005-05-02T04:00:00.000Z,0
CVE-2005-1229,https://securityvulnerability.io/vulnerability/CVE-2005-1229,,Directory traversal vulnerability in cpio 2.6 and earlier allows remote attackers to write to arbitrary directories via a .. (dot dot) in a cpio file.,Gnu,Cpio,,,0.003169999923557043,false,,false,false,false,,,false,false,,2005-05-02T04:00:00.000Z,0