Symbolic Link Vulnerability in GNU Tar by Free Software Foundation
CVE-2006-6097

Currently unrated

Key Information:

Vendor
Gnu
Status
Vendor
CVE Published:
24 November 2006

Summary

GNU Tar versions 1.16, 1.15.1, and potentially others, are susceptible to a file overwrite vulnerability that can be exploited by user-assisted attackers. This occurs through a crafted tar file, which incorporates a GNUTYPE_NAMES record featuring a symbolic link. The flawed handling in the extract_archive function within extract.c and the extract_mangle function in mangle.c allows attackers to overwrite arbitrary files, posing a serious risk to affected systems.

References

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.