Symbolic Link Vulnerability in GNU Tar by Free Software Foundation
CVE-2006-6097
Currently unrated
Summary
GNU Tar versions 1.16, 1.15.1, and potentially others, are susceptible to a file overwrite vulnerability that can be exploited by user-assisted attackers. This occurs through a crafted tar file, which incorporates a GNUTYPE_NAMES record featuring a symbolic link. The flawed handling in the extract_archive function within extract.c and the extract_mangle function in mangle.c allows attackers to overwrite arbitrary files, posing a serious risk to affected systems.
References
EPSS Score
7% chance of being exploited in the next 30 days.
Timeline
Vulnerability published
Vulnerability Reserved