Your submission was sent successfully! Close

CVE-2016-2037

Published: 22 January 2016

The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
cpio
Launchpad, Ubuntu, Debian
Upstream Needed

Ubuntu 16.04 ESM (Xenial Xerus)
Released (2.11+dfsg-5ubuntu1)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (2.11+dfsg-1ubuntu1.2)
Patches:
Other: http://lists.gnu.org/archive/html/bug-cpio/2016-01/msg00005.html