CVE-2023-7207

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-7207

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-7207.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-7207

Downstream

DEBIAN-CVE-2023-7207

SUSE-SU-2024:0238-1

SUSE-SU-2024:0248-1

SUSE-SU-2024:0305-1

SUSE-SU-2024:0305-2

SUSE-SU-2024:0305-3

SUSE-SU-2024:0824-1

SUSE-SU-2024:0825-1

UBUNTU-CVE-2023-7207

USN-6755-1

openSUSE-SU-2024:13653-1

Related

Published

2024-02-29T01:42:59.920Z

Modified

2025-12-04T20:56:47.772530Z

Severity

4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames.

References

Affected packages

Git / cgit.git.savannah.gnu.org/cgit/cpio.git

Affected ranges

Type: GIT
Repo: https://cgit.git.savannah.gnu.org/cgit/cpio.git
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

376d663340a9dc91c91a5849e5713f07571c1628

Git / git.savannah.gnu.org/git/cpio.git

Affected ranges

Type: GIT
Repo: https://git.savannah.gnu.org/git/cpio.git
Events: Introduced

0 Unknown introduced commit / All previous commits are affected