CVE-2005-1918
EPSS 2.1%Published: 12/31/2005Modified: 4/28/2026
Description
The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/".
Affected packages (1)
- Debian/tarfrom 0, < 1.14-2.2