CVE-2015-2304
libarchive < 3.1.2 - Path Traversal and Arbitrary File Write via bsdcpio Full Pathname
Title source: llmDescription
Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive.
References (13)
Core 13
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1035996
Third Party Advisory x_refsource_confirm
http://advisories.mageia.org/MGASA-2015-0106.html
Patch x_refsource_confirm
https://github.com/libarchive/libarchive/commit/59357157706d47c365b2227739e17daba3607526
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2015-03/msg00065.html
Issue Tracking x_refsource_confirm
https://github.com/libarchive/libarchive/pull/110
Vendor Advisory vendor-advisory
x_refsource_freebsd
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:22.libarchive.asc
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/01/16/7
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2015/dsa-3180
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2549-1
Mailing List x_refsource_confirm
https://groups.google.com/forum/#%21msg/libarchive-discuss/dN9y1VvE1Qk/Z9uerigjQn0J
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201701-03
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2015:157
Exploit mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/01/07/5
Scores
EPSS
0.0298
EPSS Percentile
86.7%
Details
CWE
CWE-22
Status
published
Products (6)
canonical/ubuntu_linux
12.04
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
14.10
libarchive/libarchive
< 3.1.2
opensuse/opensuse
13.1
opensuse/opensuse
13.2
Published
Mar 15, 2015
Tracked Since
Feb 18, 2026