CVE-2005-2541

6 documents6 sources

Severity

10.0CRITICAL

EPSS

3.8%

top 11.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU TAR

Timeline

PublishedAug 10

Latest updateMay 1

Description

Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDgnu/tar1.15.1

🔴Vulnerability Details

GHSA

GHSA-vwpx-f983-qg79: Tar 1↗2022-05-01

▶

CVEList

CVE-2005-2541: Tar 1↗2005-08-10

▶

OSV

CVE-2005-2541: Tar 1↗2005-08-10

▶

📋Vendor Advisories

Red Hat

tar: does not properly warn the user when extracting setuid or setgid files↗2005-08-04

▶

Debian

CVE-2005-2541: tar - Tar 1.15.1 does not properly warn the user when extracting setuid or setgid file...↗2005

▶