GNU 'tar' 1.13.25 contains a vulnerability in the handling of pathnames for archived files. By specifying a path for an archived item that points outside the expected directory scope, the creator of the archive can cause the file to be extracted to arbitrary locations on the filesystem, including paths containing system binaries and other sensitive or confidential information. An attacker could use this to create or overwrite binaries in any desired location. This issue is a variant of the vulnerability described in BID 3024. It is not known whether earlier versions are also affected by this variant.
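A pre-extraction check for the class of issue described above, added here as an example (not code from GNU tar or from the original advisory): it lists an archive's members and reports any whose path, or link target, would resolve outside the intended extraction directory. The directory `/srv/unpack`, the function names and the in-memory sample archive are assumptions constructed for illustration; the check is generic and does not reproduce the specific pathname form of the 1.13.25 variant, which the advisory does not give.

```python
import io
import posixpath
import tarfile


def _inside(path, dest):
    """True if the normalized path is dest itself or lies beneath it."""
    return path == dest or path.startswith(dest.rstrip("/") + "/")


def unsafe_members(archive, dest="/srv/unpack"):
    """Return names of members that would land outside dest if extracted.

    dest is a hypothetical, already-normalized absolute extraction directory.
    """
    flagged = []
    for member in archive.getmembers():
        # An absolute member name replaces dest in join(); ".." is collapsed
        # lexically, the way the path is interpreted at extraction time.
        target = posixpath.normpath(posixpath.join(dest, member.name))
        ok = _inside(target, dest)
        # A link that points outside dest can redirect later writes.
        if ok and (member.issym() or member.islnk()):
            # Symlink targets are relative to the link's own directory,
            # hard-link targets to the archive root.
            base = posixpath.dirname(target) if member.issym() else dest
            ok = _inside(posixpath.normpath(
                posixpath.join(base, member.linkname)), dest)
        if not ok:
            flagged.append(member.name)
    return flagged


def build_sample():
    """Constructed in-memory archive: two ordinary members, three that escape."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("docs/readme.txt", "docs/a/../b.txt",
                     "../outside.txt", "/tmp/abs.txt"):
            data = b"constructed sample\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        link = tarfile.TarInfo("docs/link")
        link.type, link.linkname = tarfile.SYMTYPE, "../../etc"
        tar.addfile(link)
    buf.seek(0)
    return tarfile.open(fileobj=buf, mode="r")


if __name__ == "__main__":
    for name in unsafe_members(build_sample()):
        print("refuse to extract:", name)
```

The check is purely lexical: it does not account for symlinks that already exist on disk under the extraction directory, so it is best combined with extracting into a fresh, empty directory as an unprivileged user.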