CVE-2007-4131

12 documents9 sources

Severity

6.8MEDIUM

EPSS

11.4%

top 6.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU TAR

Timeline

PublishedAug 25

Latest updateMay 1

Description

Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶Debiantar< 1.18-2+3

▶NVDgnu/tar16 versions+15

Patches

Patch: www.redhat.com ↗Patch: www.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-43w6-q9mv-9cwf: Directory traversal vulnerability in the contains_dot_dot function in src/names↗2022-05-01

▶

OSV

CVE-2007-4131: Directory traversal vulnerability in the contains_dot_dot function in src/names↗2007-08-25

▶

CVEList

CVE-2007-4131: Directory traversal vulnerability in the contains_dot_dot function in src/names↗2007-08-25

▶

📋Vendor Advisories

BSD

FreeBSD-SA-07:10.gtar: gtar directory traversal vulnerability↗2007-11-29

▶

Ubuntu

tar vulnerability↗2007-08-28

▶

Red Hat

tar directory traversal vulnerability↗2007-08-12

▶

Debian

CVE-2007-4131: tar - Directory traversal vulnerability in the contains_dot_dot function in src/names....↗2007

▶

💬Community

Bugzilla

CVE-2007-4829 perl-Archive-Tar directory traversal flaws↗2007-09-18

▶

Bugzilla

CVE-2007-4131 tar directory traversal vulnerability [FC6]↗2007-08-21

▶

Bugzilla

CVE-2007-4131 tar directory traversal vulnerability [F7]↗2007-08-21

▶

Bugzilla

CVE-2007-4131 tar directory traversal vulnerability↗2007-08-13

▶