Wind River Support Network


LIN1019-7557 : cpio regression due to CVE-2021-38185

Created: Dec 24, 2021    Updated: Apr 5, 2022
Resolved Date: Jan 29, 2022
Found In Version:
Fix Version:
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Userspace


With the CVE-2021-38185 fix applied, cpio no longer accepts an "output
path" longer than 127 characters.


Steps to Reproduce

cd $(mktemp -d) ; touch foo ; echo foo | cpio -pd $(python3 -c
'print("A" * 128)')

If the "output" path is > 127 characters, cpio will simply stall.
Live chat