Jump to:

CVE-2013-4420

Jump to:

CVE-2013-4420

Package libtar updated to version 1.2.20-alt2.git.6d0ab4c for branch sisyphus in task 260678.

Published: 2014-02-20
Modified: 2024-11-21

CVE-2013-4420

Multiple directory traversal vulnerabilities in the (1) tar_extract_glob and (2) tar_extract_all functions in libtar 1.2.20 and earlier allow remote attackers to overwrite arbitrary files via a .. (dot dot) in a crafted tar file.

Severity: MEDIUM (5.8)

References:

DSA-2863
DSA-2863
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731860
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731860
[libtar] 20150213 Fw: Re: Validation of file names
[libtar] 20150213 Fw: Re: Validation of file names

Version: 2.1.0

Package libtar update in sisyphus on 2020-10-30

ALT-PU-2020-3172-1

Closed vulnerabilities

CVE-2013-4420