Unrated severity · NVD Advisory · Published Mar 15, 2015 · Updated Jun 17, 2026
CVE-2015-2304
Description
Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive.
Affected products
cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:x64:*:* (+ 1 more)
- cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:x64:*:* range: <=3.1.2
- (no CPE) range: <=3.1.2
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:* (+ 2 more)
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
- osv-coords (25 versions):
  - pkg:rpm/opensuse/bsdtar&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/bsdtar&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3
  - pkg:rpm/suse/bsdtar&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS
  - pkg:rpm/suse/bsdtar&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSS
  - pkg:rpm/suse/bsdtar&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA
  - pkg:rpm/suse/bsdtar&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4
  - pkg:rpm/suse/bsdtar&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4
  - pkg:rpm/suse/bsdtar&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
  - pkg:rpm/suse/bsdtar&distro=SUSE%20Manager%202.1
  - pkg:rpm/suse/bsdtar&distro=SUSE%20Manager%20Proxy%202.1
  - pkg:rpm/suse/bsdtar&distro=SUSE%20OpenStack%20Cloud%205
  - pkg:rpm/suse/bsdtar&distro=SUSE%20Studio%20Onsite%201.3
  - pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Desktop%2012
  - pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1
  - pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2
  - pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Server%2012
  - pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1
  - pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2
  - pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2
  - pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012
  - pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1
  - pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2
  - pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012
  - pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1
  - pkg:rpm/suse/libarchive&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2
< 3.2.2-2.1 (+ 24 more)
- (no CPE) range: < 3.2.2-2.1
- (no CPE) range: < 2.5.5-9.1
- (no CPE) range: < 2.5.5-9.1
- (no CPE) range: < 2.5.5-9.1
- (no CPE) range: < 2.5.5-9.1
- (no CPE) range: < 2.5.5-9.1
- (no CPE) range: < 2.5.5-9.1
- (no CPE) range: < 2.5.5-9.1
- (no CPE) range: < 2.5.5-9.1
- (no CPE) range: < 2.5.5-9.1
- (no CPE) range: < 2.5.5-9.1
- (no CPE) range: < 2.5.5-9.1
- (no CPE) range: < 3.1.2-9.1
- (no CPE) range: < 3.1.2-25.1
- (no CPE) range: < 3.1.2-25.1
- (no CPE) range: < 3.1.2-9.1
- (no CPE) range: < 3.1.2-25.1
- (no CPE) range: < 3.1.2-25.1
- (no CPE) range: < 3.1.2-25.1
- (no CPE) range: < 3.1.2-9.1
- (no CPE) range: < 3.1.2-25.1
- (no CPE) range: < 3.1.2-25.1
- (no CPE) range: < 3.1.2-9.1
- (no CPE) range: < 3.1.2-25.1
- (no CPE) range: < 3.1.2-25.1
References
- www.openwall.com/lists/oss-security/2015/01/07/5 (nvd, Exploit)
- advisories.mageia.org/MGASA-2015-0106.html (nvd)
- lists.opensuse.org/opensuse-updates/2015-03/msg00065.html (nvd)
- www.debian.org/security/2015/dsa-3180 (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.openwall.com/lists/oss-security/2015/01/16/7 (nvd)
- www.securitytracker.com/id/1035996 (nvd)
- www.ubuntu.com/usn/USN-2549-1 (nvd)
- github.com/libarchive/libarchive/commit/59357157706d47c365b2227739e17daba3607526 (nvd)
- github.com/libarchive/libarchive/pull/110 (nvd)
- groups.google.com/forum/ (nvd)
- security.gentoo.org/glsa/201701-03 (nvd)
- www.freebsd.org/security/advisories/FreeBSD-SA-16:22.libarchive.asc (nvd)