vulnerability

FreeBSD: VID-f59af308-07f3-11ea-8c56-f8b156b6dcc8 (CVE-2016-2037): GNU cpio -- multiple vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:N/A:P)	Nov 15, 2019	Nov 16, 2019	Dec 10, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:N/A:P)

Published

Nov 15, 2019

Added

Nov 16, 2019

Modified

Dec 10, 2025

Description

Sergey Poznyakoff reports: This stable release fixes several potential vulnerabilities CVE-2015-1197: cpio, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive. CVE-2016-2037: The cpio_safer_name_suffix function in util.c allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file. CVE-2019-14866: Improper input validation when writing tar header fields leads to unexpected tar generation.

Solution

freebsd-upgrade-package-gcpio

References

CVE-2016-2037
https://attackerkb.com/topics/CVE-2016-2037
CWE-119

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today