The cpiosafername_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file.
{ "urgency": "not yet assigned" }