Directory traversal vulnerability in GNU tar 1.13.19 up to and including 1.13.25, and possibly later versions, allows malicious users to overwrite arbitrary files during archive extraction via a (1) "/.." or (2) "./.." string, which removes the leading slash but leaves the "..", a variant of CVE-2001-1267.
Vulnerable Product |
---|
GNU tar 1.13.25 |
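
The failure mode in the description above, as an added example that is neither GNU tar's code nor part of the original advisory: a simplified model of a sanitizer that strips only a leading "/" or "./", beside a containment check on the resolved destination. The function names, the extraction root and the sample member names are constructed for illustration.

```python
import posixpath

def strip_leading_slash_only(name: str) -> str:
    """Simplified model of the insufficient fix: drop leading "/" and "./"
    prefixes, but leave any ".." component in place."""
    while name.startswith(("/", "./")):
        name = name[1:] if name[0] == "/" else name[2:]
    return name

def is_safe_member(name: str) -> bool:
    """Strict policy: reject absolute names and any ".." path component."""
    return not name.startswith("/") and ".." not in name.split("/")

def resolve_under(root: str, name: str) -> str:
    """Return the normalized destination for a member, or raise ValueError
    if it falls outside root. Lexical check only; it does not follow symlinks."""
    root = posixpath.normpath(root)
    dest = posixpath.normpath(posixpath.join(root, name))
    if posixpath.commonpath([root, dest]) != root:
        raise ValueError(f"member escapes extraction root: {name!r}")
    return dest

# Constructed member names: one benign, the two forms named in the
# description, and a benign name that merely begins with two dots.
SAMPLES = ["docs/readme.txt", "/../etc/passwd", "./../etc/passwd", "..hidden/file"]

def audit(names, root="/tmp/extract"):
    """Map each name to (name after prefix stripping, escapes_root)."""
    results = {}
    for name in names:
        stripped = strip_leading_slash_only(name)
        try:
            resolve_under(root, stripped)
            escapes = False
        except ValueError:
            escapes = True
        results[name] = (stripped, escapes)
    return results

if __name__ == "__main__":
    for name, (stripped, escapes) in audit(SAMPLES).items():
        verdict = "ESCAPES ROOT" if escapes else "ok"
        print(f"{name!r:22} -> {stripped!r:20} {verdict:13} "
              f"strict_ok={is_safe_member(name)}")
```

Both forms from the description reduce to `../etc/passwd` after prefix stripping and still resolve outside the extraction root, which is why the check has to be made on path components or on the resolved destination rather than on the leading characters.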