Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-39810

An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal.

Published

2023-08-28T19:15:07.893

Last Modified

2025-04-24T20:15:31.303

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses

Type: Primary
CWE-22

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	busybox	busybox	1.30.1	Yes
Application	busybox	busybox	1.33.2	Yes

References

http://busybox.com Broken Link ([email protected])
https://www.pentagrid.ch/en/blog/busybox-cpio-directory-traversal-vulnerability/ Third Party Advisory ([email protected])
http://busybox.com Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2025/04/23/1 (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2025/04/23/2 (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2025/04/23/3 (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2025/04/24/2 (af854a3a-2127-422b-91ae-364da2661108)
https://www.pentagrid.ch/en/blog/busybox-cpio-directory-traversal-vulnerability/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)