Directory Traversal Vulnerability in GNU Tar by GNU
CVE-2002-0399

Currently unrated

Key Information:

Vendor
Gnu
Status
Vendor
CVE Published:
10 October 2002

Summary

A directory traversal flaw exists in GNU Tar versions from 1.13.19 to 1.13.25, allowing attackers to manipulate file paths during the extraction of archives. By exploiting this vulnerability, it is possible for an attacker to overwrite arbitrary files on the system. This occurs when attackers use path traversing techniques, such as including '/..' or './..' in the file paths, which can lead to unintended file modifications. Proper sanitization of input paths is crucial to prevent such vulnerabilities during archive extraction.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.