CVE-2023-7216

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Feb 5, 2024

Updated: Jun 12, 2024

CWE ID 59

CWE ID 22

Summary

CVE-2023-7216 is a newly discovered path traversal vulnerability affecting the CPIO utility. This issue permits a remote, unauthenticated attacker to trick users into opening maliciously crafted archive files. During the extraction process, the CPIO archiver follows symlinks outside of the intended directory, enabling an attacker to write files in arbitrary directories, potentially leading to serious security consequences.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Red Hat Enterprise Linux

Affected Vendors

Red Hat

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/uCg4a9
https://www.cve.org/CVERecord?id=CVE-2023-7216
https://nvd.nist.gov/vuln/detail/CVE-2023-7216

Back to Vulnerability Database