CVE-2002-0399 in tarinfo

Summary

Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, allows attackers to overwrite arbitrary files during archive extraction via a (1) "/.." or (2) "./.." string, which removes the leading slash but leaves the "..", a variant of CVE-2001-1267.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

ID	Vulnerability	CWE	Exp	Cou	CVE
19040	GNU tar path traversal	22	Not defined	Official fix	CVE-2002-0399

Disclosure

10/10/2002

Status

Confirmed

Entries

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2002-0399
NVD	https://nvd.nist.gov/vuln/detail/CVE-2002-0399
CVE Details	https://www.cvedetails.com/cve/CVE-2002-0399/

◂ Previous Overview Next ▸

Might our Artificial Intelligence support you?

Check our Alexa App!