CVE-2018-20835Improper Input Validation in Project Tar-fs

CWE-20Improper Input Validation4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.2%
top 60.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Tar-fs Project Tar-fsDebian Node-tar-fs
Timeline
PublishedApr 30
Latest updateMay 1

Description

A vulnerability was found in tar-fs before 1.16.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the existing file content.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

NVDtar-fs_project/tar-fs< 1.16.2
npmtar-fs_project/tar-fs< 1.16.2

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
Improper Input Validation in tar-fs2019-05-01
OSV
Improper Input Validation in tar-fs2019-05-01

📋Vendor Advisories

1
Debian
CVE-2018-20835: node-tar-fs - A vulnerability was found in tar-fs before 1.16.2. An Arbitrary File Overwrite i...2018