CVE-2020-28948

Published: 19/11/2020 Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 606
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Archive_Tar up to and including 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.

Vulnerability Trend

Vulnerable Product Search on Vulmon

php archive tar

debian debian linux 9.0

debian debian linux 10.0

fedoraproject fedora 32

fedoraproject fedora 33

fedoraproject fedora 34

fedoraproject fedora 35

drupal drupal

Vendor Advisories

Red Hat Security Advisory (Moderate): php:74 security update. An update for the php:74 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as ...
Red Hat Security Advisory (Moderate): php-pear security update. An update for php-pear is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a ...
Red Hat Security Advisory (Moderate): php:74 security update. An update for the php:74 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security ...
Debian Bug report logs - #980428: Disallow symlinks to out-of-path filenames (CVE-2020-36193). Package: php-pear; Maintainer for php-pear is Debian PHP Maintainers <team+pkg-php@tracker.debian.org>; Source for php-pear is src:php-pear (PTS, buildd, popcon). Reported by: David Prévot <taffit@debian.org>. Date: Tue, 19 Ja ...
Debian Bug report logs - #976108: php-pear: CVE-2020-28948 CVE-2020-28949. Package: src:php-pear; Maintainer for src:php-pear is Debian PHP Maintainers <team+pkg-php@tracker.debian.org>. Reported by: Salvatore Bonaccorso <carnil@debian.org>. Date: Sun, 29 Nov 2020 19:51:02 UTC. Severity: grave. Tags: security, upstream. F ...
Two vulnerabilities were discovered in the PEAR Archive_Tar package for handling tar files in PHP, potentially allowing a remote attacker to execute arbitrary code or overwrite files. For the stable distribution (buster), these problems have been fixed in version 1:1.10.6+submodules+notgz-1.1+deb10u1. We recommend that you upgrade your php-pear pac ...
Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked (CVE-2020-28948). Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed (CVE-2020-28949). ...

Github Repositories

CVE-2020-28948-and-CVE-2020-28949: pear/Archive_Tar#33; cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28948; for more, see i.blackhat.com/us-18/Thu-August-9/us-18-Thomas-Its-A-PHP-Unserialization-Vulnerability-Jim-But-Not-As-We-Know-It.pdf

POC for CVE-2020-28948 & CVE-2020-28949: The files here contain a PoC for CVE-2020-28948 & CVE-2020-28949 to achieve remote exploitation. The server: The server folder contains a simple upload server which uses the vulnerable Archive_Tar library, located in server/Archive. The server accepts a Tar archive from the user, extracts it and stores it in the server/uploads/ folder.

CVE-2020-28948 POC Link: github.com/0x240x23elu/CVE-2020-28948-and-CVE-2020-28949