CVE-2007-4829 — Path Traversal in Perl

CWE-22 — Path Traversal13 documents7 sources

Severity

6.8MEDIUMNVD

EPSS

2.2%

top 15.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Perl Debian Perl Canonical Ubuntu Linux

Timeline

PublishedNov 2

Latest updateMay 1

Description

Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has ".." sequences.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶debiandebian/perl< perl 5.10.0-19 (bookworm)

▶Debianperl/perl< 5.10.0-19+3

Also affects: Ubuntu Linux 6.06, 7.10, 8.04, 8.10

🔴Vulnerability Details

GHSA

GHSA-rwhc-g7xj-h37q: Directory traversal vulnerability in the Archive::Tar Perl module 1↗2022-05-01

▶

OSV

CVE-2007-4829: Directory traversal vulnerability in the Archive::Tar Perl module 1↗2007-11-02

▶

📋Vendor Advisories

Ubuntu

Perl regression↗2009-01-15

▶

Ubuntu

Perl vulnerabilities↗2008-12-24

▶

Red Hat

perl-Archive-Tar directory traversal flaws↗2007-08-24

▶

Debian

CVE-2007-4829: perl - Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earli...↗2007

▶

💬Community

Bugzilla

CVE-2018-10860 perl-Archive-Zip: Directory traversal in Archive::Zip↗2018-06-14

▶

Bugzilla

CVE-2007-4829 perl-Archive-Tar directory traversal flaws [Fdevel]↗2007-11-02

▶

Bugzilla

CVE-2007-4829 perl-Archive-Tar directory traversal flaws [F8]↗2007-11-02

▶

Bugzilla

CVE-2007-4829 perl-Archive-Tar directory traversal flaws [FC6]↗2007-10-02

▶

Bugzilla

CVE-2007-4829 perl-Archive-Tar directory traversal flaws [F7]↗2007-10-02

▶