tar
Page content
- Author: voroskoi
- Vulnerable: 1.16.1-1
- Unaffected: 1.16.1-2terminus1
A vulnerability has been reported in GNU tar, which can be exploited by malicious people to compromise a user’s system. The vulnerability is caused due to an input validation error when extracting tar archives. This can be exploited to extract files to arbitrary locations outside the specified directory with the permissions of the user running GNU tar by using the “//..” directory traversal sequence in a specially crafted tar archive.
- Bug Tracker URL: http://bugs.frugalware.org/task/2376