Published: 01/02/2017 Updated: 09/12/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Directory traversal vulnerability in the minitar prior to 0.6 and archive-tar-minitar 0.5.2 gems for Ruby allows remote malicious users to write to arbitrary files via a .. (dot dot) in a TAR archive entry.

Vulnerable Product	Search on Vulmon	Subscribe to Product
minitar archive-tar-minitar
minitar minitar

Debian Bug report logs - #853075 ruby-minitar: CVE-2016-10173: directory traversal vulnerability Package: src:ruby-minitar; Maintainer for src:ruby-minitar is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 29 Jan 20 ...

Directory traversal vulnerability in the minitar before 06 and archive-tar-minitar 052 gems for Ruby allows remote attackers to write to arbitrary files via a (dot dot) in a TAR archive entry ...

CWE-22 https://github.com/halostatue/minitar/issues/16 https://github.com/halostatue/minitar/commit/e25205ecbb6277ae8a3df1e6a306d7ed4458b6e4 http://www.securityfocus.com/bid/95874 http://www.openwall.com/lists/oss-security/2017/01/29/1 http://www.openwall.com/lists/oss-security/2017/01/24/7 https://security.gentoo.org/glsa/201702-32 http://www.debian.org/security/2017/dsa-3778 https://puppet.com/security/cve/cve-2016-10173 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853075 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2016-10173

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect