Vulnerability CVE-2013-4420: Information

Description

Multiple directory traversal vulnerabilities in the (1) tar_extract_glob and (2) tar_extract_all functions in libtar 1.2.20 and earlier allow remote attackers to overwrite arbitrary files via a .. (dot dot) in a crafted tar file.

Severity: MEDIUM (5.8)

Published: Feb. 20, 2014
Modified: Feb. 21, 2014
Error type identifier: CWE-22

Fixed packages

| Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| libtar | sisyphus | 1.2.20-alt2.git.6d0ab4c | 1.2.20-alt4.git.6d0ab4c | ALT-PU-2020-3172-1 | 260678 | Fixed |
| libtar | p10 | 1.2.20-alt2.git.6d0ab4c | 1.2.20-alt4.git.6d0ab4c | ALT-PU-2020-3172-1 | 260678 | Fixed |
| libtar | p9 | 1.2.20-alt2.git.6d0ab4c | 1.2.20-alt2.git.6d0ab4c | ALT-PU-2020-3184-1 | 260680 | Fixed |
| libtar | c10f1 | 1.2.20-alt2.git.6d0ab4c | 1.2.20-alt2.git.6d0ab4c | ALT-PU-2020-3172-1 | 260678 | Fixed |

References to Advisories, Solutions, and Tools

    1. Configuration 1

      cpe:2.3:a:feep:libtar:1.2.14:*:*:*:*:*:*:*

      cpe:2.3:a:feep:libtar:1.2.17:*:*:*:*:*:*:*

      cpe:2.3:a:feep:libtar:1.2.13:*:*:*:*:*:*:*

      cpe:2.3:a:feep:libtar:*:*:*:*:*:*:*:* (End including: 1.2.20)

      cpe:2.3:a:feep:libtar:1.2.11:*:*:*:*:*:*:*

      cpe:2.3:a:feep:libtar:1.2.15:*:*:*:*:*:*:*

      cpe:2.3:a:feep:libtar:1.2.19:*:*:*:*:*:*:*

      cpe:2.3:a:feep:libtar:1.2.18:*:*:*:*:*:*:*

      cpe:2.3:a:feep:libtar:1.2.16:*:*:*:*:*:*:*