DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2015-1197.  Reason: This candidate is a duplicate of CVE-2015-1197.  Notes: All CVE users should reference CVE-2015-1197 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage.

** REJECT **  DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2015-1197.  Reason: This candidate is a duplicate of CVE-2015-1197.  Notes: All CVE users should reference CVE-2015-1197 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage.

true

false

It was found that the cpio --no-absolute-filenames option since version 2.7 did not verify paths during extraction. A specially crafted cpio archive could bypass this option and write to an arbitrary location, outside of the extraction directory.

DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2015-1197.  Reason: This candidate is a duplicate of CVE-2015-1197.  Notes: All CVE users should reference CVE-2015-1197 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage.

https://lists.gnu.org/archive/html/bug-cpio/2017-06/msg00001.html [No Types Assigned]

https://bugzilla.redhat.com/show_bug.cgi?id=1539685 [No Types Assigned]