CVE-2007-4134

CWE-22 — Path Traversal7 documents5 sources

Severity

6.8MEDIUM

EPSS

2.0%

top 16.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Fedora

Timeline

PublishedAug 30

Latest updateMay 3

Description

Directory traversal vulnerability in extract.c in star before 1.5a84 allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages0 packages

Also affects: Fedora 7

Patches

Patch: www.redhat.com ↗Patch: bugs.gentoo.org ↗Patch: www.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-vh55-9p6r-h46f: Directory traversal vulnerability in extract↗2022-05-03

▶

CVEList

CVE-2007-4134: Directory traversal vulnerability in extract↗2007-08-30

▶

📋Vendor Advisories

Red Hat

star directory traversal vulnerability↗2007-08-21

▶

💬Community

Bugzilla

CVE-2007-4134 star directory traversal vulnerability [F7]↗2007-08-24

▶

Bugzilla

CVE-2007-4134 star directory traversal vulnerability [FC6]↗2007-08-24

▶

Bugzilla

CVE-2007-4134 star directory traversal vulnerability↗2007-08-22

▶