{"id":"CVE-2023-7207","details":"Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames.","modified":"2026-03-14T15:02:42.440831Z","published":"2024-02-29T01:42:59.920Z","related":["SUSE-SU-2024:0238-1","SUSE-SU-2024:0248-1","SUSE-SU-2024:0305-1","SUSE-SU-2024:0305-2","SUSE-SU-2024:0305-3","SUSE-SU-2024:0824-1","SUSE-SU-2024:0825-1","openSUSE-SU-2024:13653-1"],"references":[{"type":"ADVISORY","url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7207"},{"type":"REPORT","url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059163"},{"type":"FIX","url":"https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=376d663340a9dc91c91a5849e5713f07571c1628"},{"type":"ARTICLE","url":"https://www.openwall.com/lists/oss-security/2023/12/21/8"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2024/01/05/1"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"2.13"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-7207.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"}]}