Fluid Attacks Database

Description

cp, when running with an option to preserve symlinks on multiple OSes, allows local, user-assisted attackers to overwrite arbitrary files via a symlink attack using crafted directories containing multiple source files that are copied to the same destination.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	coreutils	>=0 <4.1.2	4.1.2
debian 14	coreutils	>=0 <4.1.2	4.1.2
debian 11	coreutils	>=0 <4.1.2	4.1.2
debian 12	coreutils	>=0 <4.1.2	4.1.2

Aliases

1. CVE-2007-49982. NVD-2007-49983. OSV-DEBIAN-2007-49984. OSV-2007-49985. SECURITY-TRACKER-CVE-2007-4998

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.