Jump to:

CVE-2013-4420

Jump to:

CVE-2013-4420

Package libtar updated to version 1.2.20-alt2.git.6d0ab4c for branch p9 in task 260680.

Published: 2014-02-20
Modified: 2024-11-21

CVE-2013-4420

Multiple directory traversal vulnerabilities in the (1) tar_extract_glob and (2) tar_extract_all functions in libtar 1.2.20 and earlier allow remote attackers to overwrite arbitrary files via a .. (dot dot) in a crafted tar file.

Severity: MEDIUM (5.8)

References:

DSA-2863
DSA-2863
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731860
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731860
[libtar] 20150213 Fw: Re: Validation of file names
[libtar] 20150213 Fw: Re: Validation of file names

Version: 2.1.0

Package libtar update in p9 on 2020-11-02

ALT-PU-2020-3184-1

Closed vulnerabilities

CVE-2013-4420