suse · CVE-2016-2037

Quick triage

Priority: medium Published: 2021-05-30 13:38:57 UTC Updated: 2026-04-18 18:00:17 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2016-2037 severity moderate: SUSE including 278 source package names (0.9.1:cpio-2.11-32.1, 1.0.0:cpio-2.11-32.1, …), 353 product×package rows across 78 product lines (Container caasp/v4/default-http-backend, Container caasp/v4/dnsmasq-nanny, … (78 product lines)): Fixed 196, Known Affected 157.

Description:

The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file.

cvelogic Threat Intelligence