archive::tar vulnerabilities and exploits

(subscribe to this query)

NA

Directory traversal vulnerability in PEAR::Archive_Tar 1.2, and other versions prior to 1.3.2, allows remote malicious users to create and overwrite arbitrary files via certain crafted pathnames in a TAR archive.

Pear Pear Archive Tar

7.5

CVSSv3

Directory traversal vulnerability in the minitar prior to 0.6 and archive-tar-minitar 0.5.2 gems for Ruby allows remote malicious users to write to arbitrary files via a .. (dot dot) in a TAR archive entry.

Minitar Archive-tar-minitar Minitar Minitar

7.1

CVSSv3

In Archive_Tar prior to 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193.

Php Archive Tar Debian Debian Linux 9.0 Fedoraproject Fedora 33 Fedoraproject Fedora 34 Fedoraproject Fedora 35

8.8

CVSSv3

PEAR Archive_Tar version 1.4.3 and previous versions contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. There are several file operations with `$v_header['filename']` as parameter (such as file_exists, is_file, is_dir, etc). When extract is called witho...

Php Pear Archive Tar Canonical Ubuntu Linux 18.04 Canonical Ubuntu Linux 18.10 Canonical Ubuntu Linux 16.04 Debian Debian Linux 8.0 Debian Debian Linux 9.0

1 EDB exploit1 Article

7.5

CVSSv3

Tar.php in Archive_Tar up to and including 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.

Php Archive Tar Fedoraproject Fedora 32 Fedoraproject Fedora 33 Fedoraproject Fedora 34 Fedoraproject Fedora 35 Debian Debian Linux 9.0 Debian Debian Linux 10.0 Drupal Drupal

7.8

CVSSv3

Archive_Tar up to and including 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.

Php Archive Tar Debian Debian Linux 9.0 Debian Debian Linux 10.0 Fedoraproject Fedora 32 Fedoraproject Fedora 33 Fedoraproject Fedora 34 Fedoraproject Fedora 35 Drupal Drupal

3 Github repositories

7.8

CVSSv3

Archive_Tar up to and including 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.

Php Archive Tar Debian Debian Linux 9.0 Debian Debian Linux 10.0 Fedoraproject Fedora 32 Fedoraproject Fedora 33 Fedoraproject Fedora 34 Fedoraproject Fedora 35 Drupal Drupal

3 Github repositories

7.5

CVSSv3

In Perl up to and including 5.26.2, the Archive::Tar module allows remote malicious users to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.

Canonical Ubuntu Linux 18.04 Canonical Ubuntu Linux 17.10 Canonical Ubuntu Linux 16.04 Canonical Ubuntu Linux 14.04 Canonical Ubuntu Linux 12.04 Debian Debian Linux 8.0 Debian Debian Linux 9.0 Perl Perl Archive\\ \\ Tar Project Apple Mac Os X Netapp Data Ontap Edge -Netapp Snap Creator Framework -Netapp Oncommand Workflow Automation -Netapp Snapdrive -

NA

Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and previous versions allows user-assisted remote malicious users to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has ".." sequences.

Archive\\ \\ Tar Project Canonical Ubuntu Linux 8.04 Canonical Ubuntu Linux 6.06 Canonical Ubuntu Linux 8.10 Canonical Ubuntu Linux 7.10

Get Started

1 2 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook