CVE-2002-0399

8 documents5 sources

Severity

5.0MEDIUM

EPSS

1.2%

top 21.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU TAR

Timeline

PublishedOct 10

Latest updateApr 30

Description

Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, allows attackers to overwrite arbitrary files during archive extraction via a (1) "/.." or (2) "./.." string, which removes the leading slash but leaves the "..", a variant of CVE-2001-1267.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDgnu/tar1.13.25

🔴Vulnerability Details

GHSA

GHSA-c6fq-h555-8326: Directory traversal vulnerability in GNU tar 1↗2022-04-30

▶

CVEList

CVE-2002-0399: Directory traversal vulnerability in GNU tar 1↗2002-10-01

▶

📋Vendor Advisories

Red Hat

tar archive path traversal issue↗2003-07-21

▶

Red Hat

security flaw↗2002-09-30

▶

💬Community

Bugzilla

CVE-2002-0399 security flaw↗2018-08-16

▶

Bugzilla

CVE-2007-4829 perl-Archive-Tar directory traversal flaws↗2007-09-18

▶

Bugzilla

Multiple tar issues (CVE-2005-1918, CVE-2006-0300)↗2006-03-02

▶