CVE-2013-4420

2014-02-2016:55:05

CWE-22

redhat

web.nvd.nist.gov

cve-2013-4420

directory traversal

libtar

vulnerability

tar file

remote attackers

nvd

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

AI Score

6.6

Confidence

Low

EPSS

0.003

Percentile

71.6%

JSON

Multiple directory traversal vulnerabilities in the (1) tar_extract_glob and (2) tar_extract_all functions in libtar 1.2.20 and earlier allow remote attackers to overwrite arbitrary files via a … (dot dot) in a crafted tar file.

Affected configurations

Nvd

Node

feeplibtarRange≤1.2.20

feeplibtarMatch1.2.11

feeplibtarMatch1.2.13

feeplibtarMatch1.2.14

feeplibtarMatch1.2.15

feeplibtarMatch1.2.16

feeplibtarMatch1.2.17

feeplibtarMatch1.2.18

feeplibtarMatch1.2.19

VendorProductVersionCPE
feeplibtar1.2.18cpe:/a:feep:libtar:1.2.18:::
feeplibtarcpe:/a:feep:libtar::::
feeplibtar1.2.14cpe:/a:feep:libtar:1.2.14:::
feeplibtar1.2.17cpe:/a:feep:libtar:1.2.17:::
feeplibtar1.2.19cpe:/a:feep:libtar:1.2.19:::
feeplibtar1.2.13cpe:/a:feep:libtar:1.2.13:::
feeplibtar1.2.11cpe:/a:feep:libtar:1.2.11:::
feeplibtar1.2.15cpe:/a:feep:libtar:1.2.15:::
feeplibtar1.2.16cpe:/a:feep:libtar:1.2.16:::

Vendor	Product	Version	CPE
feep	libtar	1.2.18	cpe:/a:feep:libtar:1.2.18:::
feep	libtar		cpe:/a:feep:libtar::::
feep	libtar	1.2.14	cpe:/a:feep:libtar:1.2.14:::
feep	libtar	1.2.17	cpe:/a:feep:libtar:1.2.17:::
feep	libtar	1.2.19	cpe:/a:feep:libtar:1.2.19:::
feep	libtar	1.2.13	cpe:/a:feep:libtar:1.2.13:::
feep	libtar	1.2.11	cpe:/a:feep:libtar:1.2.11:::
feep	libtar	1.2.15	cpe:/a:feep:libtar:1.2.15:::
feep	libtar	1.2.16	cpe:/a:feep:libtar:1.2.16:::