CVE-2015-1197

cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
1.9 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
VendorProductVersion
gnucpio
2.11
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
cpio
bullseye
2.13+dfsg-7.1~deb11u1
fixed
wheezy
no-dsa
squeeze
no-dsa
bookworm
2.13+dfsg-7.1
fixed
sid
2.15+dfsg-2
fixed
trixie
2.15+dfsg-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
cpio
zesty
not-affected
yakkety
not-affected
xenial
not-affected
wily
not-affected
vivid
ignored
utopic
ignored
trusty
Fixed 2.11+dfsg-1ubuntu1.2
released
precise
Fixed 2.11-7ubuntu3.2
released
lucid
ignored