CVE-2013-4420

EPSS 0.38%

libtar - directory traversal

Published: 2/20/2014Modified: 4/28/2026

Description

Multiple directory traversal vulnerabilities in the (1) tar_extract_glob and (2) tar_extract_all functions in libtar 1.2.20 and earlier allow remote attackers to overwrite arbitrary files via a .. (dot dot) in a crafted tar file.

Affected packages (2)

Debian/libtarfrom 0, < 1.2.20-2
Debian/libtarfrom 0, < 1.2.11-6+deb6u2

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2013-4420