View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2016-2037 severity moderate: SUSE including 278 source package names (0.9.1:cpio-2.11-32.1, 1.0.0:cpio-2.11-32.1, …), 353 product×package rows across 78 product lines (Container caasp/v4/default-http-backend, Container caasp/v4/dnsmasq-nanny, … (78 product lines)): Fixed 196, Known Affected 157.
The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file.