CVE-2007-4476
cpio - programming error
EPSS 12.2%
Description
Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."
How to fix CVE-2007-4476
To remediate CVE-2007-4476, upgrade each affected package to one of the fixed versions listed below.
- Debian/cpio—upgrade to 2.9-5 or later
- Debian/cpio—upgrade to 2.6-18.1+etch1 or later
- Debian/tar—upgrade to 1.18-1 or later
Is CVE-2007-4476 being exploited?
Moderate — EPSS is 12.2%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (3)
- Debian/cpio: from 0, < 2.9-5
- Debian/cpio: from 0, < 2.6-18.1+etch1
- Debian/tar: from 0, < 1.18-1