CVE-2007-4829

2007-11-0216:46:00

CWE-22

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.5

Confidence

Low

EPSS

0.008

Percentile

82.4%

JSON

Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has “…” sequences.

Affected configurations

Nvd

Node

archive\\Matchtar_projectarchive\\tar

Node

canonicalubuntu_linuxMatch6.06lts

canonicalubuntu_linuxMatch7.10

canonicalubuntu_linuxMatch8.04lts

canonicalubuntu_linuxMatch8.10

VendorProductVersionCPE
archive\\tar_projectcpe:2.3:a:archive\:\:tar_project:archive\:\:tar:*:*:*:*:*:perl:*:*
canonicalubuntu_linux6.06cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
canonicalubuntu_linux7.10cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
canonicalubuntu_linux8.04cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
canonicalubuntu_linux8.10cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
archive\	\	tar_project	cpe:2.3:a:archive\:\:tar_project:archive\:\:tar::::::perl::*
canonical	ubuntu_linux	6.06	cpe:2.3:o:canonical:ubuntu_linux:6.06::::lts:::
canonical	ubuntu_linux	7.10	cpe:2.3:o:canonical:ubuntu_linux:7.10:::::::*
canonical	ubuntu_linux	8.04	cpe:2.3:o:canonical:ubuntu_linux:8.04::::lts:::
canonical	ubuntu_linux	8.10	cpe:2.3:o:canonical:ubuntu_linux:8.10:::::::*