CVE-2013-4420
EPSS 0.38%libtar - directory traversal
發布日:2014/2/20修改日:2026/3/9
描述
Multiple directory traversal vulnerabilities in the (1) tar_extract_glob and (2) tar_extract_all functions in libtar 1.2.20 and earlier allow remote attackers to overwrite arbitrary files via a .. (dot dot) in a crafted tar file.
受影響套件(2)
- Debian/libtarfrom 0, < 1.2.20-2
- Debian/libtarfrom 0, < 1.2.11-6+deb6u2