CVE-2015-2304

Published: Mar 15, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

1035996

vdb-entry

x_refsource_SECTRACK

http://advisories.mageia.org/MGASA-2015-0106.html

x_refsource_CONFIRM

https://github.com/libarchive/libarchive/commit/59357157706d47c365b2227739e17daba3607526

x_refsource_CONFIRM

openSUSE-SU-2015:0568

vendor-advisory

x_refsource_SUSE

https://github.com/libarchive/libarchive/pull/110

x_refsource_CONFIRM

FreeBSD-SA-16:22

vendor-advisory

x_refsource_FREEBSD

[oss-security] 20150116 CVE Request: libarchive -- directory traversal in bsdcpio

mailing-list

x_refsource_MLIST

DSA-3180

vendor-advisory

x_refsource_DEBIAN

USN-2549-1

vendor-advisory

x_refsource_UBUNTU

https://groups.google.com/forum/#%21msg/libarchive-discuss/dN9y1VvE1Qk/Z9uerigjQn0J

x_refsource_CONFIRM

GLSA-201701-03

vendor-advisory

x_refsource_GENTOO

MDVSA-2015:157

vendor-advisory

x_refsource_MANDRIVA

[oss-security] 20150108 Directory traversals in cpio and friends?

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2015-2304

Description

Affected Products

References