{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-02T11:47:27.551","vulnerabilities":[{"cve":{"id":"CVE-2015-2304","sourceIdentifier":"cve@mitre.org","published":"2015-03-15T19:59:00.070","lastModified":"2025-04-12T10:46:40.837","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive."},{"lang":"es","value":"Vulnerabilidad de recorrido de directorio absoluto en bsdcpio en libarchive 3.1.2 y anteriores permite a atacantes remotos escribir archivos arbitrarios a través de un nombre completo de ruta en un archivo."}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:P","baseScore":6.4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:x64:*:*","versionEndIncluding":"3.1.2","matchCriteriaId":"58595970-A83C-4FD0-B505-837B653ADF31"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*","matchCriteriaId":"B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","matchCriteriaId":"B5A6F2F3-4894-4392-8296-3B8DD2679084"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*","matchCriteriaId":"49A63F39-30BE-443F-AF10-6245587D3359"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*","matchCriteriaId":"A10BC294-9196-425F-9FB0-B1625465B47F"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","matchCriteriaId":"03117DF1-3BEC-4B8D-AD63-DBBDB2126081"}]}]}],"references":[{"url":"http://advisories.mageia.org/MGASA-2015-0106.html","source":"cve@mitre.org"},{"url":"http://lists.opensuse.org/opensuse-updates/2015-03/msg00065.html","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2015/dsa-3180","source":"cve@mitre.org"},{"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:157","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2015/01/07/5","source":"cve@mitre.org","tags":["Exploit"]},{"url":"http://www.openwall.com/lists/oss-security/2015/01/16/7","source":"cve@mitre.org"},{"url":"http://www.securitytracker.com/id/1035996","source":"cve@mitre.org"},{"url":"http://www.ubuntu.com/usn/USN-2549-1","source":"cve@mitre.org"},{"url":"https://github.com/libarchive/libarchive/commit/59357157706d47c365b2227739e17daba3607526","source":"cve@mitre.org"},{"url":"https://github.com/libarchive/libarchive/pull/110","source":"cve@mitre.org"},{"url":"https://groups.google.com/forum/#%21msg/libarchive-discuss/dN9y1VvE1Qk/Z9uerigjQn0J","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201701-03","source":"cve@mitre.org"},{"url":"https://www.freebsd.org/security/advisories/FreeBSD-SA-16:22.libarchive.asc","source":"cve@mitre.org"},{"url":"http://advisories.mageia.org/MGASA-2015-0106.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://lists.opensuse.org/opensuse-updates/2015-03/msg00065.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.debian.org/security/2015/dsa-3180","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:157","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2015/01/07/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"http://www.openwall.com/lists/oss-security/2015/01/16/7","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1035996","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.ubuntu.com/usn/USN-2549-1","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/libarchive/libarchive/commit/59357157706d47c365b2227739e17daba3607526","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/libarchive/libarchive/pull/110","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://groups.google.com/forum/#%21msg/libarchive-discuss/dN9y1VvE1Qk/Z9uerigjQn0J","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201701-03","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.freebsd.org/security/advisories/FreeBSD-SA-16:22.libarchive.asc","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}