Thomas Habets

**Name of the Vulnerable Software and Affected Versions** cpio versions prior to 2.13 **Description** The issue is related to the improper validation of input files when generating TAR archives. This can lead to the creation of archives containing files with permissions or in paths that the attacker did not have access to. If a high-privilege user extracts such archives without careful review, it may compromise the system. The vulnerability is also associated with errors in checking the TAR file header, which can allow an attacker to elevate their privileges. **Recommendations** For versions prior to 2.13, update to version 2.13 or later to resolve the issue. As a temporary workaround, consider carefully reviewing TAR archives created from paths that an attacker can write to, before extracting them, especially when done by a high-privilege user. Restrict access to the archive creation process to minimize the risk of exploitation.