Directory Traversal Vulnerability in GNU tar
CVE-2007-4131
Currently unrated
Summary
GNU tar improperly handles directory symlinks, which allows a user-assisted remote attacker to overwrite arbitrary files by supplying a crafted TAR archive. The exploit uses specific sequences of '//' followed by '..' to traverse directories, which threatens system integrity. Users of affected versions are urged to upgrade and implement preventative measures to mitigate the risk.
References
EPSS Score
8% chance of being exploited in the next 30 days.
Timeline
Vulnerability published
Vulnerability reserved