Directory Traversal Vulnerability in GNU tar
CVE-2007-4131

Currently unrated

Key Information:

Vendor: GNU
Status
Vendor
CVE Published: 25 August 2007

Summary

The vulnerability in GNU tar arises from improper handling of directory symlinks. It lets a user-assisted remote attacker overwrite arbitrary files by supplying a crafted TAR archive. The traversal relies on specific sequences of '//' followed by '..', which poses a serious threat to system integrity. Users of affected versions are urged to upgrade and implement preventative measures to mitigate the risks associated with this vulnerability.
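As one preventative measure, an archive can be audited before it is handed to any extractor. The following is an added example, not GNU tar's code or anything from the advisory; the function names and the in-memory sample archive are constructed for illustration, and the check is deliberately stricter than needed in that it rejects every '..' component and every absolute path.

```python
import io
import tarfile


def has_dot_dot(path):
    """True if any '/'-separated component of path is exactly '..'.

    Splitting on '/' turns repeated slashes ('//') into empty components,
    so a '..' that follows '//' is still seen as its own component.
    """
    return any(part == ".." for part in path.split("/"))


def audit_members(tar):
    """Return (member name, reason) for each entry that should block extraction."""
    findings = []
    for m in tar.getmembers():
        if m.name.startswith("/"):
            findings.append((m.name, "absolute member name"))
        elif has_dot_dot(m.name):
            findings.append((m.name, "'..' in member name"))
        if (m.issym() or m.islnk()) and (
            m.linkname.startswith("/") or has_dot_dot(m.linkname)
        ):
            findings.append((m.name, "absolute or '..' link target"))
    return findings


def build_sample():
    """Constructed sample archive, built in memory; nothing is extracted."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        tar.addfile(tarfile.TarInfo("docs/readme.txt"), io.BytesIO(b""))
        link = tarfile.TarInfo("docs/link")
        link.type = tarfile.SYMTYPE
        link.linkname = "sub//../../.."  # constructed link target
        tar.addfile(link)
        tar.addfile(tarfile.TarInfo("docs//../../outside.txt"), io.BytesIO(b""))
    buf.seek(0)
    return tarfile.open(fileobj=buf, mode="r")


if __name__ == "__main__":
    for name, reason in audit_members(build_sample()):
        print(f"REJECT {name}: {reason}")
```

Refuse to extract the archive if `audit_members` returns anything, rather than skipping only the flagged entries.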

EPSS Score

8% chance of being exploited in the next 30 days.
