CVSS: 7.5EPSS: 3%CPEs: 6EXPL: 1CVE-2015-2304 – Gentoo Linux Security Advisory 201701-03
https://notcve.org/view.php?id=CVE-2015-2304
15 Mar 2015 — Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive. Vulnerabilidad de recorrido de directorio absoluto en bsdcpio en libarchive 3.1.2 y anteriores permite a atacantes remotos escribir archivos arbitrarios a través de un nombre completo de ruta en un archivo. It was discovered that the libarchive bsdcpio utility extracted absolute paths by default without using the --insecure flag, contrary to ... • http://advisories.mageia.org/MGASA-2015-0106.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0CVE-2013-0211 – Gentoo Linux Security Advisory 201406-02
https://notcve.org/view.php?id=CVE-2013-0211
30 Sep 2013 — Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow. Error de signo de enteros en la función archive_write_zip_data de archive_write_set_format_zip.c en la versión 3.1.2 y anteriores, cuando se ejecuta... • http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101687.html • CWE-189: Numeric Errors •