Vulnerability-Lookup

CVE-2023-7207 (GCVE-0-2023-7207)

Vulnerability from cvelistv5 – Published: 2024-01-05 00:39 – Updated: 2025-05-07 20:19

Summary

Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames.

Severity

4.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Assigner

canonical

References

5 references

URL	Tags
https://git.savannah.gnu.org/cgit/cpio.git/commit…	patch
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug…	issue-tracking
https://www.openwall.com/lists/oss-security/2023/…	mailing-list
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CV…	issue-tracking
http://www.openwall.com/lists/oss-security/2024/01/05/1

Impacted products

1 product

Vendor	Product	Version
Debian	Debian cpio	Affected: 0 , < 2.14+dfsg-1 (semver)

Credits

Ingo Brückl

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-7207",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-07T20:19:09.313064Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-22",
                "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-07T20:19:53.516Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:57:35.151Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=376d663340a9dc91c91a5849e5713f07571c1628"
          },
          {
            "tags": [
              "issue-tracking",
              "x_transferred"
            ],
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059163"
          },
          {
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2023/12/21/8"
          },
          {
            "tags": [
              "issue-tracking",
              "x_transferred"
            ],
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7207"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/01/05/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "packageName": "cpio",
          "platforms": [
            "Linux"
          ],
          "product": "Debian cpio",
          "vendor": "Debian",
          "versions": [
            {
              "lessThan": "2.14+dfsg-1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Ingo Br\u00fcckl"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Debian\u0027s cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-05T15:06:12.336Z",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=376d663340a9dc91c91a5849e5713f07571c1628"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059163"
        },
        {
          "tags": [
            "mailing-list"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2023/12/21/8"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7207"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/01/05/1"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2023-7207",
    "datePublished": "2024-01-05T00:39:49.690Z",
    "dateReserved": "2024-01-05T00:09:37.741Z",
    "dateUpdated": "2025-05-07T20:19:53.516Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2023-7207",
      "date": "2026-05-27",
      "epss": "0.00061",
      "percentile": "0.18957"
    },
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Debian\u0027s cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames.\"}, {\"lang\": \"es\", \"value\": \"El cpio de Debian contiene una vulnerabilidad de path traversal. Este problema se introdujo al revertir los parches CVE-2015-1197 que hab\\u00edan provocado una regresi\\u00f3n en --no-absolute-filenames. Desde entonces, Upstream ha proporcionado una soluci\\u00f3n adecuada para --no-absolute-filenames.\"}]",
      "id": "CVE-2023-7207",
      "lastModified": "2024-11-21T08:45:30.623",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security@ubuntu.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 4.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 3.6}]}",
      "published": "2024-02-29T01:42:59.920",
      "references": "[{\"url\": \"http://www.openwall.com/lists/oss-security/2024/01/05/1\", \"source\": \"security@ubuntu.com\"}, {\"url\": \"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059163\", \"source\": \"security@ubuntu.com\"}, {\"url\": \"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7207\", \"source\": \"security@ubuntu.com\"}, {\"url\": \"https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=376d663340a9dc91c91a5849e5713f07571c1628\", \"source\": \"security@ubuntu.com\"}, {\"url\": \"https://www.openwall.com/lists/oss-security/2023/12/21/8\", \"source\": \"security@ubuntu.com\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/01/05/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059163\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7207\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=376d663340a9dc91c91a5849e5713f07571c1628\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.openwall.com/lists/oss-security/2023/12/21/8\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "security@ubuntu.com",
      "vulnStatus": "Awaiting Analysis"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-7207\",\"sourceIdentifier\":\"security@ubuntu.com\",\"published\":\"2024-02-29T01:42:59.920\",\"lastModified\":\"2025-08-26T17:19:09.897\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Debian\u0027s cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames.\"},{\"lang\":\"es\",\"value\":\"El cpio de Debian contiene una vulnerabilidad de path traversal. Este problema se introdujo al revertir los parches CVE-2015-1197 que hab\u00edan provocado una regresi\u00f3n en --no-absolute-filenames. Desde entonces, Upstream ha proporcionado una soluci\u00f3n adecuada para --no-absolute-filenames.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@ubuntu.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":4.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.2,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:cpio:2.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A3C40DA-85F5-42BC-9520-FB44ACC6F683\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2024/01/05/1\",\"source\":\"security@ubuntu.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059163\",\"source\":\"security@ubuntu.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7207\",\"source\":\"security@ubuntu.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=376d663340a9dc91c91a5849e5713f07571c1628\",\"source\":\"security@ubuntu.com\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2023/12/21/8\",\"source\":\"security@ubuntu.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/01/05/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059163\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7207\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=376d663340a9dc91c91a5849e5713f07571c1628\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2023/12/21/8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"affected\": [{\"packageName\": \"cpio\", \"product\": \"Debian cpio\", \"vendor\": \"Debian\", \"platforms\": [\"Linux\"], \"versions\": [{\"lessThan\": \"2.14+dfsg-1\", \"status\": \"affected\", \"version\": \"0\", \"versionType\": \"semver\"}]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Debian\u0027s cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames.\"}], \"references\": [{\"tags\": [\"patch\"], \"url\": \"https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=376d663340a9dc91c91a5849e5713f07571c1628\"}, {\"tags\": [\"issue-tracking\"], \"url\": \"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059163\"}, {\"tags\": [\"mailing-list\"], \"url\": \"https://www.openwall.com/lists/oss-security/2023/12/21/8\"}, {\"tags\": [\"issue-tracking\"], \"url\": \"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7207\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/01/05/1\"}], \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Ingo Br\\u00fcckl\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 4.9, \"baseSeverity\": \"MEDIUM\"}}], \"providerMetadata\": {\"orgId\": \"cc1ad9ee-3454-478d-9317-d3e869d708bc\", \"shortName\": \"canonical\", \"dateUpdated\": \"2024-01-05T15:06:12.336Z\"}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T08:57:35.151Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"tags\": [\"patch\", \"x_transferred\"], \"url\": \"https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=376d663340a9dc91c91a5849e5713f07571c1628\"}, {\"tags\": [\"issue-tracking\", \"x_transferred\"], \"url\": \"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059163\"}, {\"tags\": [\"mailing-list\", \"x_transferred\"], \"url\": \"https://www.openwall.com/lists/oss-security/2023/12/21/8\"}, {\"tags\": [\"issue-tracking\", \"x_transferred\"], \"url\": \"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7207\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/01/05/1\", \"tags\": [\"x_transferred\"]}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-7207\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-07T20:19:09.313064Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-23T19:01:15.814Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-7207\", \"assignerOrgId\": \"cc1ad9ee-3454-478d-9317-d3e869d708bc\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"canonical\", \"dateReserved\": \"2024-01-05T00:09:37.741Z\", \"datePublished\": \"2024-01-05T00:39:49.690Z\", \"dateUpdated\": \"2025-05-07T20:19:53.516Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2025-AVI-0585

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans VMware Tanzu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
VMware	Tanzu	Tanzu pour Valkey versions antérieures à 8.1.2
VMware	Tanzu	Tanzu pour Postgres sur Kubernetes versions antérieures à 4.2.1
VMware	Tanzu	Tanzu Greenplum versions antérieures à 6.30.0

References

Title

Publication Time

CERTFR-2025-AVI-0585

Vulnerability from certfr_avis - Published: - Updated:

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
VMware	Tanzu	Tanzu pour Valkey versions antérieures à 8.1.2
VMware	Tanzu	Tanzu pour Postgres sur Kubernetes versions antérieures à 4.2.1
VMware	Tanzu	Tanzu Greenplum versions antérieures à 6.30.0

References

Title

Publication Time

BDU:2024-06679

Vulnerability from fstec - Published: 27.04.2023

Title

Уязвимость двоичного архиватора cpio, связанная с неправильным ограничением имени пути к ограниченному каталогу, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость двоичного архиватора cpio связана с регрессией при использовании параметра командной строки --no-absolute-filenames. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании

Severity


                    
                      AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Vendor

ООО «Ред Софт», ООО «РусБИТех-Астра», АО «ИВК», Сообщество свободного программного обеспечения

Software Name

РЕД ОС (запись в едином реестре российских программ №3751), Astra Linux Special Edition (запись в едином реестре российских программ №369), Альт 8 СП (запись в едином реестре российских программ №4305), АЛЬТ СП 10, cpio

Software Version

7.3 (РЕД ОС), 1.7 (Astra Linux Special Edition), - (Альт 8 СП), 4.7 (Astra Linux Special Edition), - (АЛЬТ СП 10), до 0.1041.0.47 до 1.3.32.0 до 2.32.6.20.12.7.59 (cpio)

Possible Mitigations

Для cpio: https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=376d663340a9dc91c91a5849e5713f07571c1628 Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ Для Astra Linux Special Edition 1.7: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17 Для Astra Linux Special Edition 4.7 для архитектуры ARM: обновить пакет cpio до 2.13+dfsg-7.1+ci4 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47 Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства: https://altsp.su/obnovleniya-bezopasnosti/ Для ОС АЛЬТ СП 10: установка обновления из публичного репозитория программного средства: https://altsp.su/obnovleniya-bezopasnosti/

Reference

https://redos.red-soft.ru/support/secure/ https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=376d663340a9dc91c91a5849e5713f07571c1628 https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17 https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47 https://altsp.su/obnovleniya-bezopasnosti/ https://altsp.su/obnovleniya-bezopasnosti/

CWE

CWE-22

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
  "CVSS 3.0": "AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7.3 (\u0420\u0415\u0414 \u041e\u0421), 1.7 (Astra Linux Special Edition), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), 4.7 (Astra Linux Special Edition), - (\u0410\u041b\u042c\u0422 \u0421\u041f 10), \u0434\u043e 0.1041.0.47 \u0434\u043e 1.3.32.0 \u0434\u043e 2.32.6.20.12.7.59 (cpio)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f cpio:\nhttps://git.savannah.gnu.org/cgit/cpio.git/commit/?id=376d663340a9dc91c91a5849e5713f07571c1628\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f Astra Linux Special Edition 1.7:\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17\n\n\u0414\u043b\u044f Astra Linux Special Edition 4.7 \u0434\u043b\u044f \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b ARM:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 cpio \u0434\u043e 2.13+dfsg-7.1+ci4 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430: https://altsp.su/obnovleniya-bezopasnosti/\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u041b\u042c\u0422 \u0421\u041f 10: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430: https://altsp.su/obnovleniya-bezopasnosti/",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "27.04.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.04.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "04.09.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-06679",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-7207",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "\u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u0410\u041b\u042c\u0422 \u0421\u041f 10, cpio",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f -  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u041b\u042c\u0422 \u0421\u041f 10 - ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0434\u0432\u043e\u0438\u0447\u043d\u043e\u0433\u043e \u0430\u0440\u0445\u0438\u0432\u0430\u0442\u043e\u0440\u0430 cpio, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u043c \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435\u043c \u0438\u043c\u0435\u043d\u0438 \u043f\u0443\u0442\u0438 \u043a \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u043e\u043c\u0443 \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0443, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0432\u0435\u0440\u043d\u043e\u0435 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0438\u043c\u0435\u043d\u0438 \u043f\u0443\u0442\u0438 \u043a \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0443 \u0441 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u044b\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c (\u00ab\u041e\u0431\u0445\u043e\u0434 \u043f\u0443\u0442\u0438\u00bb) (CWE-22)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0434\u0432\u043e\u0438\u0447\u043d\u043e\u0433\u043e \u0430\u0440\u0445\u0438\u0432\u0430\u0442\u043e\u0440\u0430 cpio \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0440\u0435\u0433\u0440\u0435\u0441\u0441\u0438\u0435\u0439 \u043f\u0440\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0438 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u0430 \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0438 --no-absolute-filenames. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://redos.red-soft.ru/support/secure/\nhttps://git.savannah.gnu.org/cgit/cpio.git/commit/?id=376d663340a9dc91c91a5849e5713f07571c1628\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttps://altsp.su/obnovleniya-bezopasnosti/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-22",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 2,1)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4)"
}

FKIE_CVE-2023-7207

Vulnerability from fkie_nvd - Published: 2024-02-29 01:42 - Updated: 2025-08-26 17:19

Severity

4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
security@ubuntu.com	http://www.openwall.com/lists/oss-security/2024/01/05/1	Mailing List
security@ubuntu.com	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059163	Issue Tracking
security@ubuntu.com	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7207	Third Party Advisory
security@ubuntu.com	https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=376d663340a9dc91c91a5849e5713f07571c1628	Mailing List, Patch
security@ubuntu.com	https://www.openwall.com/lists/oss-security/2023/12/21/8	Mailing List
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2024/01/05/1	Mailing List
af854a3a-2127-422b-91ae-364da2661108	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059163	Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7207	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=376d663340a9dc91c91a5849e5713f07571c1628	Mailing List, Patch
af854a3a-2127-422b-91ae-364da2661108	https://www.openwall.com/lists/oss-security/2023/12/21/8	Mailing List

Impacted products

	Vendor	Product	Version
	gnu	cpio	2.13

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:cpio:2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A3C40DA-85F5-42BC-9520-FB44ACC6F683",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Debian\u0027s cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames."
    },
    {
      "lang": "es",
      "value": "El cpio de Debian contiene una vulnerabilidad de path traversal. Este problema se introdujo al revertir los parches CVE-2015-1197 que hab\u00edan provocado una regresi\u00f3n en --no-absolute-filenames. Desde entonces, Upstream ha proporcionado una soluci\u00f3n adecuada para --no-absolute-filenames."
    }
  ],
  "id": "CVE-2023-7207",
  "lastModified": "2025-08-26T17:19:09.897",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "security@ubuntu.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-02-29T01:42:59.920",
  "references": [
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2024/01/05/1"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059163"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7207"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=376d663340a9dc91c91a5849e5713f07571c1628"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Mailing List"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2023/12/21/8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2024/01/05/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059163"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7207"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=376d663340a9dc91c91a5849e5713f07571c1628"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2023/12/21/8"
    }
  ],
  "sourceIdentifier": "security@ubuntu.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

GHSA-X4GQ-XCR8-XWP7

Vulnerability from github – Published: 2024-02-29 03:33 – Updated: 2024-02-29 03:33

Details

Severity

4.9 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-7207"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-29T01:42:59Z",
    "severity": "MODERATE"
  },
  "details": "Debian\u0027s cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames.",
  "id": "GHSA-x4gq-xcr8-xwp7",
  "modified": "2024-02-29T03:33:15Z",
  "published": "2024-02-29T03:33:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-7207"
    },
    {
      "type": "WEB",
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059163"
    },
    {
      "type": "WEB",
      "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7207"
    },
    {
      "type": "WEB",
      "url": "https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=376d663340a9dc91c91a5849e5713f07571c1628"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2023/12/21/8"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2024/01/05/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2023-7207

Vulnerability from gsd - Updated: 2024-01-05 06:01

Details

Aliases

CVE-2023-7207

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-7207"
      ],
      "details": "Debian\u0027s cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames.",
      "id": "GSD-2023-7207",
      "modified": "2024-01-05T06:01:22.980299Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@ubuntu.com",
        "ID": "CVE-2023-7207",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Debian cpio",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "0",
                          "version_value": "2.14+dfsg-1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Debian"
            }
          ]
        }
      },
      "credits": [
        {
          "lang": "en",
          "value": "Ingo Br\u00fcckl"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Debian\u0027s cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=376d663340a9dc91c91a5849e5713f07571c1628",
            "refsource": "MISC",
            "url": "https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=376d663340a9dc91c91a5849e5713f07571c1628"
          },
          {
            "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059163",
            "refsource": "MISC",
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059163"
          },
          {
            "name": "https://www.openwall.com/lists/oss-security/2023/12/21/8",
            "refsource": "MISC",
            "url": "https://www.openwall.com/lists/oss-security/2023/12/21/8"
          },
          {
            "name": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7207",
            "refsource": "MISC",
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7207"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2024/01/05/1",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2024/01/05/1"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "descriptions": [
          {
            "lang": "en",
            "value": "Debian\u0027s cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames."
          }
        ],
        "id": "CVE-2023-7207",
        "lastModified": "2024-02-29T13:49:29.390",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 1.2,
              "impactScore": 3.6,
              "source": "security@ubuntu.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2024-02-29T01:42:59.920",
        "references": [
          {
            "source": "security@ubuntu.com",
            "url": "http://www.openwall.com/lists/oss-security/2024/01/05/1"
          },
          {
            "source": "security@ubuntu.com",
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059163"
          },
          {
            "source": "security@ubuntu.com",
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7207"
          },
          {
            "source": "security@ubuntu.com",
            "url": "https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=376d663340a9dc91c91a5849e5713f07571c1628"
          },
          {
            "source": "security@ubuntu.com",
            "url": "https://www.openwall.com/lists/oss-security/2023/12/21/8"
          }
        ],
        "sourceIdentifier": "security@ubuntu.com",
        "vulnStatus": "Awaiting Analysis"
      }
    }
  }
}

MSRC_CVE-2023-7207

Vulnerability from csaf_microsoft - Published: 2024-01-01 08:00 - Updated: 2026-02-20 23:17

Summary

Notes

Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

CVE-2023-7207

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: 17086-1		—
Unresolved product id: 17086-2		—

References

4 references

URL	Category
https://msrc.microsoft.com/csaf/vex/2024/msrc_cve…	self
https://support.microsoft.com/lifecycle	external
https://www.first.org/cvss	external
https://msrc.microsoft.com/csaf/vex/2024/msrc_cve…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2023-7207 Debian\u0027s cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames. - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2024/msrc_cve-2023-7207.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "Debian\u0027s cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames.",
    "tracking": {
      "current_release_date": "2026-02-20T23:17:19.000Z",
      "generator": {
        "date": "2026-02-21T01:47:58.649Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2023-7207",
      "initial_release_date": "2024-01-01T08:00:00.000Z",
      "revision_history": [
        {
          "date": "2025-09-03T21:21:35.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        },
        {
          "date": "2026-02-20T23:17:19.000Z",
          "legacy_version": "2",
          "number": "2",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "2.0",
                "product": {
                  "name": "CBL Mariner 2.0",
                  "product_id": "17086"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "category": "product_name",
            "name": "cbl2 cpio 2.13-5",
            "product": {
              "name": "cbl2 cpio 2.13-5",
              "product_id": "1"
            }
          },
          {
            "category": "product_name",
            "name": "cbl2 cpio 2.13-5",
            "product": {
              "name": "cbl2 cpio 2.13-5",
              "product_id": "2"
            }
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 cpio 2.13-5 as a component of CBL Mariner 2.0",
          "product_id": "17086-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 cpio 2.13-5 as a component of CBL Mariner 2.0",
          "product_id": "17086-2"
        },
        "product_reference": "2",
        "relates_to_product_reference": "17086"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-7207",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0026#39;Path Traversal\u0026#39;)"
      },
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "17086-1",
            "17086-2"
          ]
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "canonical",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "17086-1",
          "17086-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-7207 Debian\u0027s cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames. - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2024/msrc_cve-2023-7207.json"
        }
      ],
      "title": "Debian\u0027s cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames."
    }
  ]
}

OPENSUSE-SU-2024:13653-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

cpio-2.15-1.1 on GA media

Severity

Moderate

Notes

Title of the patch: cpio-2.15-1.1 on GA media

Description of the patch: These are all security issues fixed in the cpio-2.15-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2024-13653

CVE-2023-7207

4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected products

Recommended 12 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:cpio-2.15-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:cpio-2.15-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:cpio-2.15-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:cpio-2.15-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:cpio-lang-2.15-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:cpio-lang-2.15-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:cpio-lang-2.15-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:cpio-lang-2.15-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:cpio-mt-2.15-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:cpio-mt-2.15-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:cpio-mt-2.15-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:cpio-mt-2.15-1.1.x86_64	—	Vendor Fix

Threats

Impact low

References

5 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://www.suse.com/security/cve/CVE-2023-7207/	self
https://www.suse.com/security/cve/CVE-2023-7207	external
https://bugzilla.suse.com/1218571	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "cpio-2.15-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the cpio-2.15-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-13653",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13653-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-7207 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-7207/"
      }
    ],
    "title": "cpio-2.15-1.1 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:13653-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cpio-2.15-1.1.aarch64",
                "product": {
                  "name": "cpio-2.15-1.1.aarch64",
                  "product_id": "cpio-2.15-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "cpio-lang-2.15-1.1.aarch64",
                "product": {
                  "name": "cpio-lang-2.15-1.1.aarch64",
                  "product_id": "cpio-lang-2.15-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "cpio-mt-2.15-1.1.aarch64",
                "product": {
                  "name": "cpio-mt-2.15-1.1.aarch64",
                  "product_id": "cpio-mt-2.15-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cpio-2.15-1.1.ppc64le",
                "product": {
                  "name": "cpio-2.15-1.1.ppc64le",
                  "product_id": "cpio-2.15-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "cpio-lang-2.15-1.1.ppc64le",
                "product": {
                  "name": "cpio-lang-2.15-1.1.ppc64le",
                  "product_id": "cpio-lang-2.15-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "cpio-mt-2.15-1.1.ppc64le",
                "product": {
                  "name": "cpio-mt-2.15-1.1.ppc64le",
                  "product_id": "cpio-mt-2.15-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cpio-2.15-1.1.s390x",
                "product": {
                  "name": "cpio-2.15-1.1.s390x",
                  "product_id": "cpio-2.15-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "cpio-lang-2.15-1.1.s390x",
                "product": {
                  "name": "cpio-lang-2.15-1.1.s390x",
                  "product_id": "cpio-lang-2.15-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "cpio-mt-2.15-1.1.s390x",
                "product": {
                  "name": "cpio-mt-2.15-1.1.s390x",
                  "product_id": "cpio-mt-2.15-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cpio-2.15-1.1.x86_64",
                "product": {
                  "name": "cpio-2.15-1.1.x86_64",
                  "product_id": "cpio-2.15-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "cpio-lang-2.15-1.1.x86_64",
                "product": {
                  "name": "cpio-lang-2.15-1.1.x86_64",
                  "product_id": "cpio-lang-2.15-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "cpio-mt-2.15-1.1.x86_64",
                "product": {
                  "name": "cpio-mt-2.15-1.1.x86_64",
                  "product_id": "cpio-mt-2.15-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-2.15-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cpio-2.15-1.1.aarch64"
        },
        "product_reference": "cpio-2.15-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-2.15-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cpio-2.15-1.1.ppc64le"
        },
        "product_reference": "cpio-2.15-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-2.15-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cpio-2.15-1.1.s390x"
        },
        "product_reference": "cpio-2.15-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-2.15-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cpio-2.15-1.1.x86_64"
        },
        "product_reference": "cpio-2.15-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-lang-2.15-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cpio-lang-2.15-1.1.aarch64"
        },
        "product_reference": "cpio-lang-2.15-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-lang-2.15-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cpio-lang-2.15-1.1.ppc64le"
        },
        "product_reference": "cpio-lang-2.15-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-lang-2.15-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cpio-lang-2.15-1.1.s390x"
        },
        "product_reference": "cpio-lang-2.15-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-lang-2.15-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cpio-lang-2.15-1.1.x86_64"
        },
        "product_reference": "cpio-lang-2.15-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-mt-2.15-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cpio-mt-2.15-1.1.aarch64"
        },
        "product_reference": "cpio-mt-2.15-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-mt-2.15-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cpio-mt-2.15-1.1.ppc64le"
        },
        "product_reference": "cpio-mt-2.15-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-mt-2.15-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cpio-mt-2.15-1.1.s390x"
        },
        "product_reference": "cpio-mt-2.15-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-mt-2.15-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cpio-mt-2.15-1.1.x86_64"
        },
        "product_reference": "cpio-mt-2.15-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-7207",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-7207"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Debian\u0027s cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:cpio-2.15-1.1.aarch64",
          "openSUSE Tumbleweed:cpio-2.15-1.1.ppc64le",
          "openSUSE Tumbleweed:cpio-2.15-1.1.s390x",
          "openSUSE Tumbleweed:cpio-2.15-1.1.x86_64",
          "openSUSE Tumbleweed:cpio-lang-2.15-1.1.aarch64",
          "openSUSE Tumbleweed:cpio-lang-2.15-1.1.ppc64le",
          "openSUSE Tumbleweed:cpio-lang-2.15-1.1.s390x",
          "openSUSE Tumbleweed:cpio-lang-2.15-1.1.x86_64",
          "openSUSE Tumbleweed:cpio-mt-2.15-1.1.aarch64",
          "openSUSE Tumbleweed:cpio-mt-2.15-1.1.ppc64le",
          "openSUSE Tumbleweed:cpio-mt-2.15-1.1.s390x",
          "openSUSE Tumbleweed:cpio-mt-2.15-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-7207",
          "url": "https://www.suse.com/security/cve/CVE-2023-7207"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1218571 for CVE-2023-7207",
          "url": "https://bugzilla.suse.com/1218571"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:cpio-2.15-1.1.aarch64",
            "openSUSE Tumbleweed:cpio-2.15-1.1.ppc64le",
            "openSUSE Tumbleweed:cpio-2.15-1.1.s390x",
            "openSUSE Tumbleweed:cpio-2.15-1.1.x86_64",
            "openSUSE Tumbleweed:cpio-lang-2.15-1.1.aarch64",
            "openSUSE Tumbleweed:cpio-lang-2.15-1.1.ppc64le",
            "openSUSE Tumbleweed:cpio-lang-2.15-1.1.s390x",
            "openSUSE Tumbleweed:cpio-lang-2.15-1.1.x86_64",
            "openSUSE Tumbleweed:cpio-mt-2.15-1.1.aarch64",
            "openSUSE Tumbleweed:cpio-mt-2.15-1.1.ppc64le",
            "openSUSE Tumbleweed:cpio-mt-2.15-1.1.s390x",
            "openSUSE Tumbleweed:cpio-mt-2.15-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:cpio-2.15-1.1.aarch64",
            "openSUSE Tumbleweed:cpio-2.15-1.1.ppc64le",
            "openSUSE Tumbleweed:cpio-2.15-1.1.s390x",
            "openSUSE Tumbleweed:cpio-2.15-1.1.x86_64",
            "openSUSE Tumbleweed:cpio-lang-2.15-1.1.aarch64",
            "openSUSE Tumbleweed:cpio-lang-2.15-1.1.ppc64le",
            "openSUSE Tumbleweed:cpio-lang-2.15-1.1.s390x",
            "openSUSE Tumbleweed:cpio-lang-2.15-1.1.x86_64",
            "openSUSE Tumbleweed:cpio-mt-2.15-1.1.aarch64",
            "openSUSE Tumbleweed:cpio-mt-2.15-1.1.ppc64le",
            "openSUSE Tumbleweed:cpio-mt-2.15-1.1.s390x",
            "openSUSE Tumbleweed:cpio-mt-2.15-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2023-7207"
    }
  ]
}

SUSE-SU-2024:0238-1

Vulnerability from csaf_suse - Published: 2024-01-26 09:56 - Updated: 2024-01-26 09:56

Summary

Security update for cpio

Severity

Moderate

Notes

Title of the patch: Security update for cpio

Description of the patch: This update for cpio fixes the following issues: - CVE-2023-7207: Fixed a path traversal issue that could lead to an arbitrary file write during archive extraction (bsc#1218571).

Patchnames: SUSE-2024-238,SUSE-SLE-Micro-5.3-2024-238,SUSE-SLE-Micro-5.4-2024-238,SUSE-SLE-Micro-5.5-2024-238,SUSE-SLE-Module-Basesystem-15-SP5-2024-238,openSUSE-Leap-Micro-5.3-2024-238,openSUSE-Leap-Micro-5.4-2024-238,openSUSE-SLE-15.5-2024-238

CVE-2023-7207

4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected products

Recommended 32 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Micro 5.3:cpio-2.13-150400.3.3.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.3:cpio-2.13-150400.3.3.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.3:cpio-2.13-150400.3.3.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.4:cpio-2.13-150400.3.3.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.4:cpio-2.13-150400.3.3.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.4:cpio-2.13-150400.3.3.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.5:cpio-2.13-150400.3.3.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.5:cpio-2.13-150400.3.3.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Micro 5.5:cpio-2.13-150400.3.3.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:cpio-2.13-150400.3.3.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:cpio-2.13-150400.3.3.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:cpio-2.13-150400.3.3.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:cpio-2.13-150400.3.3.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:cpio-lang-2.13-150400.3.3.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:cpio-mt-2.13-150400.3.3.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:cpio-mt-2.13-150400.3.3.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:cpio-mt-2.13-150400.3.3.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:cpio-mt-2.13-150400.3.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:cpio-2.13-150400.3.3.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:cpio-2.13-150400.3.3.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:cpio-2.13-150400.3.3.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:cpio-2.13-150400.3.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:cpio-lang-2.13-150400.3.3.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:cpio-mt-2.13-150400.3.3.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:cpio-mt-2.13-150400.3.3.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:cpio-mt-2.13-150400.3.3.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.5:cpio-mt-2.13-150400.3.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap Micro 5.3:cpio-2.13-150400.3.3.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap Micro 5.3:cpio-2.13-150400.3.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap Micro 5.4:cpio-2.13-150400.3.3.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap Micro 5.4:cpio-2.13-150400.3.3.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap Micro 5.4:cpio-2.13-150400.3.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

References

8 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1218571	self
https://www.suse.com/security/cve/CVE-2023-7207/	self
https://www.suse.com/security/cve/CVE-2023-7207	external
https://bugzilla.suse.com/1218571	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for cpio",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for cpio fixes the following issues:\n\n- CVE-2023-7207: Fixed a path traversal issue that could lead to an\n  arbitrary file write during archive extraction (bsc#1218571).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2024-238,SUSE-SLE-Micro-5.3-2024-238,SUSE-SLE-Micro-5.4-2024-238,SUSE-SLE-Micro-5.5-2024-238,SUSE-SLE-Module-Basesystem-15-SP5-2024-238,openSUSE-Leap-Micro-5.3-2024-238,openSUSE-Leap-Micro-5.4-2024-238,openSUSE-SLE-15.5-2024-238",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_0238-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2024:0238-1",
        "url": "https://www.suse.com/support/update/announcement/2024/suse-su-20240238-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2024:0238-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-January/017765.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1218571",
        "url": "https://bugzilla.suse.com/1218571"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-7207 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-7207/"
      }
    ],
    "title": "Security update for cpio",
    "tracking": {
      "current_release_date": "2024-01-26T09:56:42Z",
      "generator": {
        "date": "2024-01-26T09:56:42Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2024:0238-1",
      "initial_release_date": "2024-01-26T09:56:42Z",
      "revision_history": [
        {
          "date": "2024-01-26T09:56:42Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cpio-2.13-150400.3.3.1.aarch64",
                "product": {
                  "name": "cpio-2.13-150400.3.3.1.aarch64",
                  "product_id": "cpio-2.13-150400.3.3.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "cpio-mt-2.13-150400.3.3.1.aarch64",
                "product": {
                  "name": "cpio-mt-2.13-150400.3.3.1.aarch64",
                  "product_id": "cpio-mt-2.13-150400.3.3.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cpio-2.13-150400.3.3.1.i586",
                "product": {
                  "name": "cpio-2.13-150400.3.3.1.i586",
                  "product_id": "cpio-2.13-150400.3.3.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "cpio-mt-2.13-150400.3.3.1.i586",
                "product": {
                  "name": "cpio-mt-2.13-150400.3.3.1.i586",
                  "product_id": "cpio-mt-2.13-150400.3.3.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cpio-lang-2.13-150400.3.3.1.noarch",
                "product": {
                  "name": "cpio-lang-2.13-150400.3.3.1.noarch",
                  "product_id": "cpio-lang-2.13-150400.3.3.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cpio-2.13-150400.3.3.1.ppc64le",
                "product": {
                  "name": "cpio-2.13-150400.3.3.1.ppc64le",
                  "product_id": "cpio-2.13-150400.3.3.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "cpio-mt-2.13-150400.3.3.1.ppc64le",
                "product": {
                  "name": "cpio-mt-2.13-150400.3.3.1.ppc64le",
                  "product_id": "cpio-mt-2.13-150400.3.3.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cpio-2.13-150400.3.3.1.s390x",
                "product": {
                  "name": "cpio-2.13-150400.3.3.1.s390x",
                  "product_id": "cpio-2.13-150400.3.3.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "cpio-mt-2.13-150400.3.3.1.s390x",
                "product": {
                  "name": "cpio-mt-2.13-150400.3.3.1.s390x",
                  "product_id": "cpio-mt-2.13-150400.3.3.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cpio-2.13-150400.3.3.1.x86_64",
                "product": {
                  "name": "cpio-2.13-150400.3.3.1.x86_64",
                  "product_id": "cpio-2.13-150400.3.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "cpio-mt-2.13-150400.3.3.1.x86_64",
                "product": {
                  "name": "cpio-mt-2.13-150400.3.3.1.x86_64",
                  "product_id": "cpio-mt-2.13-150400.3.3.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Micro 5.3",
                "product": {
                  "name": "SUSE Linux Enterprise Micro 5.3",
                  "product_id": "SUSE Linux Enterprise Micro 5.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-micro:5.3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Micro 5.4",
                "product": {
                  "name": "SUSE Linux Enterprise Micro 5.4",
                  "product_id": "SUSE Linux Enterprise Micro 5.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-micro:5.4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Micro 5.5",
                "product": {
                  "name": "SUSE Linux Enterprise Micro 5.5",
                  "product_id": "SUSE Linux Enterprise Micro 5.5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-micro:5.5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Basesystem 15 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Basesystem 15 SP5",
                  "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-basesystem:15:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "openSUSE Leap Micro 5.3",
                "product": {
                  "name": "openSUSE Leap Micro 5.3",
                  "product_id": "openSUSE Leap Micro 5.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap-micro:5.3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "openSUSE Leap Micro 5.4",
                "product": {
                  "name": "openSUSE Leap Micro 5.4",
                  "product_id": "openSUSE Leap Micro 5.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap-micro:5.4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.5",
                "product": {
                  "name": "openSUSE Leap 15.5",
                  "product_id": "openSUSE Leap 15.5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-2.13-150400.3.3.1.aarch64 as component of SUSE Linux Enterprise Micro 5.3",
          "product_id": "SUSE Linux Enterprise Micro 5.3:cpio-2.13-150400.3.3.1.aarch64"
        },
        "product_reference": "cpio-2.13-150400.3.3.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-2.13-150400.3.3.1.s390x as component of SUSE Linux Enterprise Micro 5.3",
          "product_id": "SUSE Linux Enterprise Micro 5.3:cpio-2.13-150400.3.3.1.s390x"
        },
        "product_reference": "cpio-2.13-150400.3.3.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-2.13-150400.3.3.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
          "product_id": "SUSE Linux Enterprise Micro 5.3:cpio-2.13-150400.3.3.1.x86_64"
        },
        "product_reference": "cpio-2.13-150400.3.3.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-2.13-150400.3.3.1.aarch64 as component of SUSE Linux Enterprise Micro 5.4",
          "product_id": "SUSE Linux Enterprise Micro 5.4:cpio-2.13-150400.3.3.1.aarch64"
        },
        "product_reference": "cpio-2.13-150400.3.3.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-2.13-150400.3.3.1.s390x as component of SUSE Linux Enterprise Micro 5.4",
          "product_id": "SUSE Linux Enterprise Micro 5.4:cpio-2.13-150400.3.3.1.s390x"
        },
        "product_reference": "cpio-2.13-150400.3.3.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-2.13-150400.3.3.1.x86_64 as component of SUSE Linux Enterprise Micro 5.4",
          "product_id": "SUSE Linux Enterprise Micro 5.4:cpio-2.13-150400.3.3.1.x86_64"
        },
        "product_reference": "cpio-2.13-150400.3.3.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-2.13-150400.3.3.1.aarch64 as component of SUSE Linux Enterprise Micro 5.5",
          "product_id": "SUSE Linux Enterprise Micro 5.5:cpio-2.13-150400.3.3.1.aarch64"
        },
        "product_reference": "cpio-2.13-150400.3.3.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-2.13-150400.3.3.1.s390x as component of SUSE Linux Enterprise Micro 5.5",
          "product_id": "SUSE Linux Enterprise Micro 5.5:cpio-2.13-150400.3.3.1.s390x"
        },
        "product_reference": "cpio-2.13-150400.3.3.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-2.13-150400.3.3.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
          "product_id": "SUSE Linux Enterprise Micro 5.5:cpio-2.13-150400.3.3.1.x86_64"
        },
        "product_reference": "cpio-2.13-150400.3.3.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-2.13-150400.3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:cpio-2.13-150400.3.3.1.aarch64"
        },
        "product_reference": "cpio-2.13-150400.3.3.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-2.13-150400.3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:cpio-2.13-150400.3.3.1.ppc64le"
        },
        "product_reference": "cpio-2.13-150400.3.3.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-2.13-150400.3.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:cpio-2.13-150400.3.3.1.s390x"
        },
        "product_reference": "cpio-2.13-150400.3.3.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-2.13-150400.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:cpio-2.13-150400.3.3.1.x86_64"
        },
        "product_reference": "cpio-2.13-150400.3.3.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-lang-2.13-150400.3.3.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:cpio-lang-2.13-150400.3.3.1.noarch"
        },
        "product_reference": "cpio-lang-2.13-150400.3.3.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-mt-2.13-150400.3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:cpio-mt-2.13-150400.3.3.1.aarch64"
        },
        "product_reference": "cpio-mt-2.13-150400.3.3.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-mt-2.13-150400.3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:cpio-mt-2.13-150400.3.3.1.ppc64le"
        },
        "product_reference": "cpio-mt-2.13-150400.3.3.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-mt-2.13-150400.3.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:cpio-mt-2.13-150400.3.3.1.s390x"
        },
        "product_reference": "cpio-mt-2.13-150400.3.3.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-mt-2.13-150400.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:cpio-mt-2.13-150400.3.3.1.x86_64"
        },
        "product_reference": "cpio-mt-2.13-150400.3.3.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-2.13-150400.3.3.1.aarch64 as component of openSUSE Leap Micro 5.3",
          "product_id": "openSUSE Leap Micro 5.3:cpio-2.13-150400.3.3.1.aarch64"
        },
        "product_reference": "cpio-2.13-150400.3.3.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap Micro 5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-2.13-150400.3.3.1.x86_64 as component of openSUSE Leap Micro 5.3",
          "product_id": "openSUSE Leap Micro 5.3:cpio-2.13-150400.3.3.1.x86_64"
        },
        "product_reference": "cpio-2.13-150400.3.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap Micro 5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-2.13-150400.3.3.1.aarch64 as component of openSUSE Leap Micro 5.4",
          "product_id": "openSUSE Leap Micro 5.4:cpio-2.13-150400.3.3.1.aarch64"
        },
        "product_reference": "cpio-2.13-150400.3.3.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap Micro 5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-2.13-150400.3.3.1.s390x as component of openSUSE Leap Micro 5.4",
          "product_id": "openSUSE Leap Micro 5.4:cpio-2.13-150400.3.3.1.s390x"
        },
        "product_reference": "cpio-2.13-150400.3.3.1.s390x",
        "relates_to_product_reference": "openSUSE Leap Micro 5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-2.13-150400.3.3.1.x86_64 as component of openSUSE Leap Micro 5.4",
          "product_id": "openSUSE Leap Micro 5.4:cpio-2.13-150400.3.3.1.x86_64"
        },
        "product_reference": "cpio-2.13-150400.3.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap Micro 5.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-2.13-150400.3.3.1.aarch64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:cpio-2.13-150400.3.3.1.aarch64"
        },
        "product_reference": "cpio-2.13-150400.3.3.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-2.13-150400.3.3.1.ppc64le as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:cpio-2.13-150400.3.3.1.ppc64le"
        },
        "product_reference": "cpio-2.13-150400.3.3.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-2.13-150400.3.3.1.s390x as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:cpio-2.13-150400.3.3.1.s390x"
        },
        "product_reference": "cpio-2.13-150400.3.3.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-2.13-150400.3.3.1.x86_64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:cpio-2.13-150400.3.3.1.x86_64"
        },
        "product_reference": "cpio-2.13-150400.3.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-lang-2.13-150400.3.3.1.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:cpio-lang-2.13-150400.3.3.1.noarch"
        },
        "product_reference": "cpio-lang-2.13-150400.3.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-mt-2.13-150400.3.3.1.aarch64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:cpio-mt-2.13-150400.3.3.1.aarch64"
        },
        "product_reference": "cpio-mt-2.13-150400.3.3.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-mt-2.13-150400.3.3.1.ppc64le as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:cpio-mt-2.13-150400.3.3.1.ppc64le"
        },
        "product_reference": "cpio-mt-2.13-150400.3.3.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-mt-2.13-150400.3.3.1.s390x as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:cpio-mt-2.13-150400.3.3.1.s390x"
        },
        "product_reference": "cpio-mt-2.13-150400.3.3.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-mt-2.13-150400.3.3.1.x86_64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:cpio-mt-2.13-150400.3.3.1.x86_64"
        },
        "product_reference": "cpio-mt-2.13-150400.3.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-7207",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-7207"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Debian\u0027s cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.3:cpio-2.13-150400.3.3.1.aarch64",
          "SUSE Linux Enterprise Micro 5.3:cpio-2.13-150400.3.3.1.s390x",
          "SUSE Linux Enterprise Micro 5.3:cpio-2.13-150400.3.3.1.x86_64",
          "SUSE Linux Enterprise Micro 5.4:cpio-2.13-150400.3.3.1.aarch64",
          "SUSE Linux Enterprise Micro 5.4:cpio-2.13-150400.3.3.1.s390x",
          "SUSE Linux Enterprise Micro 5.4:cpio-2.13-150400.3.3.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:cpio-2.13-150400.3.3.1.aarch64",
          "SUSE Linux Enterprise Micro 5.5:cpio-2.13-150400.3.3.1.s390x",
          "SUSE Linux Enterprise Micro 5.5:cpio-2.13-150400.3.3.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:cpio-2.13-150400.3.3.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:cpio-2.13-150400.3.3.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:cpio-2.13-150400.3.3.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:cpio-2.13-150400.3.3.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:cpio-lang-2.13-150400.3.3.1.noarch",
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:cpio-mt-2.13-150400.3.3.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:cpio-mt-2.13-150400.3.3.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:cpio-mt-2.13-150400.3.3.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP5:cpio-mt-2.13-150400.3.3.1.x86_64",
          "openSUSE Leap 15.5:cpio-2.13-150400.3.3.1.aarch64",
          "openSUSE Leap 15.5:cpio-2.13-150400.3.3.1.ppc64le",
          "openSUSE Leap 15.5:cpio-2.13-150400.3.3.1.s390x",
          "openSUSE Leap 15.5:cpio-2.13-150400.3.3.1.x86_64",
          "openSUSE Leap 15.5:cpio-lang-2.13-150400.3.3.1.noarch",
          "openSUSE Leap 15.5:cpio-mt-2.13-150400.3.3.1.aarch64",
          "openSUSE Leap 15.5:cpio-mt-2.13-150400.3.3.1.ppc64le",
          "openSUSE Leap 15.5:cpio-mt-2.13-150400.3.3.1.s390x",
          "openSUSE Leap 15.5:cpio-mt-2.13-150400.3.3.1.x86_64",
          "openSUSE Leap Micro 5.3:cpio-2.13-150400.3.3.1.aarch64",
          "openSUSE Leap Micro 5.3:cpio-2.13-150400.3.3.1.x86_64",
          "openSUSE Leap Micro 5.4:cpio-2.13-150400.3.3.1.aarch64",
          "openSUSE Leap Micro 5.4:cpio-2.13-150400.3.3.1.s390x",
          "openSUSE Leap Micro 5.4:cpio-2.13-150400.3.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-7207",
          "url": "https://www.suse.com/security/cve/CVE-2023-7207"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1218571 for CVE-2023-7207",
          "url": "https://bugzilla.suse.com/1218571"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.3:cpio-2.13-150400.3.3.1.aarch64",
            "SUSE Linux Enterprise Micro 5.3:cpio-2.13-150400.3.3.1.s390x",
            "SUSE Linux Enterprise Micro 5.3:cpio-2.13-150400.3.3.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:cpio-2.13-150400.3.3.1.aarch64",
            "SUSE Linux Enterprise Micro 5.4:cpio-2.13-150400.3.3.1.s390x",
            "SUSE Linux Enterprise Micro 5.4:cpio-2.13-150400.3.3.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:cpio-2.13-150400.3.3.1.aarch64",
            "SUSE Linux Enterprise Micro 5.5:cpio-2.13-150400.3.3.1.s390x",
            "SUSE Linux Enterprise Micro 5.5:cpio-2.13-150400.3.3.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:cpio-2.13-150400.3.3.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:cpio-2.13-150400.3.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:cpio-2.13-150400.3.3.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:cpio-2.13-150400.3.3.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:cpio-lang-2.13-150400.3.3.1.noarch",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:cpio-mt-2.13-150400.3.3.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:cpio-mt-2.13-150400.3.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:cpio-mt-2.13-150400.3.3.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:cpio-mt-2.13-150400.3.3.1.x86_64",
            "openSUSE Leap 15.5:cpio-2.13-150400.3.3.1.aarch64",
            "openSUSE Leap 15.5:cpio-2.13-150400.3.3.1.ppc64le",
            "openSUSE Leap 15.5:cpio-2.13-150400.3.3.1.s390x",
            "openSUSE Leap 15.5:cpio-2.13-150400.3.3.1.x86_64",
            "openSUSE Leap 15.5:cpio-lang-2.13-150400.3.3.1.noarch",
            "openSUSE Leap 15.5:cpio-mt-2.13-150400.3.3.1.aarch64",
            "openSUSE Leap 15.5:cpio-mt-2.13-150400.3.3.1.ppc64le",
            "openSUSE Leap 15.5:cpio-mt-2.13-150400.3.3.1.s390x",
            "openSUSE Leap 15.5:cpio-mt-2.13-150400.3.3.1.x86_64",
            "openSUSE Leap Micro 5.3:cpio-2.13-150400.3.3.1.aarch64",
            "openSUSE Leap Micro 5.3:cpio-2.13-150400.3.3.1.x86_64",
            "openSUSE Leap Micro 5.4:cpio-2.13-150400.3.3.1.aarch64",
            "openSUSE Leap Micro 5.4:cpio-2.13-150400.3.3.1.s390x",
            "openSUSE Leap Micro 5.4:cpio-2.13-150400.3.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.3:cpio-2.13-150400.3.3.1.aarch64",
            "SUSE Linux Enterprise Micro 5.3:cpio-2.13-150400.3.3.1.s390x",
            "SUSE Linux Enterprise Micro 5.3:cpio-2.13-150400.3.3.1.x86_64",
            "SUSE Linux Enterprise Micro 5.4:cpio-2.13-150400.3.3.1.aarch64",
            "SUSE Linux Enterprise Micro 5.4:cpio-2.13-150400.3.3.1.s390x",
            "SUSE Linux Enterprise Micro 5.4:cpio-2.13-150400.3.3.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:cpio-2.13-150400.3.3.1.aarch64",
            "SUSE Linux Enterprise Micro 5.5:cpio-2.13-150400.3.3.1.s390x",
            "SUSE Linux Enterprise Micro 5.5:cpio-2.13-150400.3.3.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:cpio-2.13-150400.3.3.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:cpio-2.13-150400.3.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:cpio-2.13-150400.3.3.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:cpio-2.13-150400.3.3.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:cpio-lang-2.13-150400.3.3.1.noarch",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:cpio-mt-2.13-150400.3.3.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:cpio-mt-2.13-150400.3.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:cpio-mt-2.13-150400.3.3.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP5:cpio-mt-2.13-150400.3.3.1.x86_64",
            "openSUSE Leap 15.5:cpio-2.13-150400.3.3.1.aarch64",
            "openSUSE Leap 15.5:cpio-2.13-150400.3.3.1.ppc64le",
            "openSUSE Leap 15.5:cpio-2.13-150400.3.3.1.s390x",
            "openSUSE Leap 15.5:cpio-2.13-150400.3.3.1.x86_64",
            "openSUSE Leap 15.5:cpio-lang-2.13-150400.3.3.1.noarch",
            "openSUSE Leap 15.5:cpio-mt-2.13-150400.3.3.1.aarch64",
            "openSUSE Leap 15.5:cpio-mt-2.13-150400.3.3.1.ppc64le",
            "openSUSE Leap 15.5:cpio-mt-2.13-150400.3.3.1.s390x",
            "openSUSE Leap 15.5:cpio-mt-2.13-150400.3.3.1.x86_64",
            "openSUSE Leap Micro 5.3:cpio-2.13-150400.3.3.1.aarch64",
            "openSUSE Leap Micro 5.3:cpio-2.13-150400.3.3.1.x86_64",
            "openSUSE Leap Micro 5.4:cpio-2.13-150400.3.3.1.aarch64",
            "openSUSE Leap Micro 5.4:cpio-2.13-150400.3.3.1.s390x",
            "openSUSE Leap Micro 5.4:cpio-2.13-150400.3.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-01-26T09:56:42Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-7207"
    }
  ]
}

SUSE-SU-2024:0248-1

Vulnerability from csaf_suse - Published: 2024-01-26 13:09 - Updated: 2024-01-26 13:09

Summary

Security update for cpio

Severity

Moderate

Notes

Title of the patch: Security update for cpio

Patchnames: SUSE-2024-248,SUSE-SLE-SERVER-12-SP5-2024-248

CVE-2023-7207

4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected products

Recommended 10 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:cpio-2.11-36.18.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:cpio-2.11-36.18.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:cpio-2.11-36.18.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:cpio-2.11-36.18.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP5:cpio-lang-2.11-36.18.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:cpio-2.11-36.18.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:cpio-2.11-36.18.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:cpio-2.11-36.18.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:cpio-2.11-36.18.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:cpio-lang-2.11-36.18.1.noarch	—	Vendor Fix

Threats

Impact moderate

References

8 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1218571	self
https://www.suse.com/security/cve/CVE-2023-7207/	self
https://www.suse.com/security/cve/CVE-2023-7207	external
https://bugzilla.suse.com/1218571	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for cpio",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for cpio fixes the following issues:\n\n- CVE-2023-7207: Fixed a path traversal issue that could lead to an\n  arbitrary file write during archive extraction (bsc#1218571).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2024-248,SUSE-SLE-SERVER-12-SP5-2024-248",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_0248-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2024:0248-1",
        "url": "https://www.suse.com/support/update/announcement/2024/suse-su-20240248-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2024:0248-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-January/017771.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1218571",
        "url": "https://bugzilla.suse.com/1218571"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-7207 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-7207/"
      }
    ],
    "title": "Security update for cpio",
    "tracking": {
      "current_release_date": "2024-01-26T13:09:05Z",
      "generator": {
        "date": "2024-01-26T13:09:05Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2024:0248-1",
      "initial_release_date": "2024-01-26T13:09:05Z",
      "revision_history": [
        {
          "date": "2024-01-26T13:09:05Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cpio-2.11-36.18.1.aarch64",
                "product": {
                  "name": "cpio-2.11-36.18.1.aarch64",
                  "product_id": "cpio-2.11-36.18.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cpio-2.11-36.18.1.i586",
                "product": {
                  "name": "cpio-2.11-36.18.1.i586",
                  "product_id": "cpio-2.11-36.18.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cpio-lang-2.11-36.18.1.noarch",
                "product": {
                  "name": "cpio-lang-2.11-36.18.1.noarch",
                  "product_id": "cpio-lang-2.11-36.18.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cpio-2.11-36.18.1.ppc64le",
                "product": {
                  "name": "cpio-2.11-36.18.1.ppc64le",
                  "product_id": "cpio-2.11-36.18.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cpio-2.11-36.18.1.s390",
                "product": {
                  "name": "cpio-2.11-36.18.1.s390",
                  "product_id": "cpio-2.11-36.18.1.s390"
                }
              }
            ],
            "category": "architecture",
            "name": "s390"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cpio-2.11-36.18.1.s390x",
                "product": {
                  "name": "cpio-2.11-36.18.1.s390x",
                  "product_id": "cpio-2.11-36.18.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cpio-2.11-36.18.1.x86_64",
                "product": {
                  "name": "cpio-2.11-36.18.1.x86_64",
                  "product_id": "cpio-2.11-36.18.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP5",
                  "product_id": "SUSE Linux Enterprise Server 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:12:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-2.11-36.18.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:cpio-2.11-36.18.1.aarch64"
        },
        "product_reference": "cpio-2.11-36.18.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-2.11-36.18.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:cpio-2.11-36.18.1.ppc64le"
        },
        "product_reference": "cpio-2.11-36.18.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-2.11-36.18.1.s390x as component of SUSE Linux Enterprise Server 12 SP5",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:cpio-2.11-36.18.1.s390x"
        },
        "product_reference": "cpio-2.11-36.18.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-2.11-36.18.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:cpio-2.11-36.18.1.x86_64"
        },
        "product_reference": "cpio-2.11-36.18.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-lang-2.11-36.18.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:cpio-lang-2.11-36.18.1.noarch"
        },
        "product_reference": "cpio-lang-2.11-36.18.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-2.11-36.18.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:cpio-2.11-36.18.1.aarch64"
        },
        "product_reference": "cpio-2.11-36.18.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-2.11-36.18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:cpio-2.11-36.18.1.ppc64le"
        },
        "product_reference": "cpio-2.11-36.18.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-2.11-36.18.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:cpio-2.11-36.18.1.s390x"
        },
        "product_reference": "cpio-2.11-36.18.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-2.11-36.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:cpio-2.11-36.18.1.x86_64"
        },
        "product_reference": "cpio-2.11-36.18.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cpio-lang-2.11-36.18.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:cpio-lang-2.11-36.18.1.noarch"
        },
        "product_reference": "cpio-lang-2.11-36.18.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-7207",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-7207"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Debian\u0027s cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5:cpio-2.11-36.18.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5:cpio-2.11-36.18.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5:cpio-2.11-36.18.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5:cpio-2.11-36.18.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP5:cpio-lang-2.11-36.18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:cpio-2.11-36.18.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:cpio-2.11-36.18.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:cpio-2.11-36.18.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:cpio-2.11-36.18.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:cpio-lang-2.11-36.18.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-7207",
          "url": "https://www.suse.com/security/cve/CVE-2023-7207"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1218571 for CVE-2023-7207",
          "url": "https://bugzilla.suse.com/1218571"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5:cpio-2.11-36.18.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5:cpio-2.11-36.18.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5:cpio-2.11-36.18.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:cpio-2.11-36.18.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:cpio-lang-2.11-36.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:cpio-2.11-36.18.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:cpio-2.11-36.18.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:cpio-2.11-36.18.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:cpio-2.11-36.18.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:cpio-lang-2.11-36.18.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5:cpio-2.11-36.18.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5:cpio-2.11-36.18.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5:cpio-2.11-36.18.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:cpio-2.11-36.18.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP5:cpio-lang-2.11-36.18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:cpio-2.11-36.18.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:cpio-2.11-36.18.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:cpio-2.11-36.18.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:cpio-2.11-36.18.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:cpio-lang-2.11-36.18.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-01-26T13:09:05Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-7207"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-7207 (GCVE-0-2023-7207)

Solutions

Solutions

Tags

Sightings

Nomenclature