Specially crafted tar file can grant access to restricted files or directories
CVE-2024-0406

6.1MEDIUM

Key Information:

Vendor: Red Hat
Status: Mholt; Red Hat Advanced Cluster Security 3; Red Hat Advanced Cluster Security 4; Red Hat Openshift Container Platform 4
Vendor: CVE Published:; 6 April 2024

Summary

A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user's or application's privileges using the library.

Affected Version(s)

mholt 4

References

https://access.redhat.com/security/cve/CVE-2024-0406

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2257749

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 6, 2024
Vulnerability Reserved
Jan 10, 2024

Collectors

NVD DatabaseMitre Database

Credit

This issue was discovered by Stefan Cornelius (Red Hat).