Lucene search

K

Veracode Vulnerability DatabaseVERACODE:24064

HistoryApr 10, 2020 - 12:45 a.m.

Arbitrary File Write

2020-04-1000:45:30

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

14

EPSS

0.008

Percentile

82.4%

perl-archive-tar is vulnerable to arbitrary file write. The vulnerability exists as multiple directory traversal flaws were discovered in the Archive::Tar module. A specially-crafted tar file could cause a Perl script, using the Archive::Tar module to extract the archive, to overwrite an arbitrary file writable by the user running the script.

References

cpansearch.perl.org/src/KANE/Archive-Tar-1.39_01/CHANGES

osvdb.org/40410

rt.cpan.org/Public/Bug/Display.html?id=29517

rt.cpan.org/Public/Bug/Display.html?id=30380

secunia.com/advisories/27539

secunia.com/advisories/33116

secunia.com/advisories/33314

www.gentoo.org/security/en/glsa/glsa-200812-10.xml

www.redhat.com/security/updates/classification/#moderate

www.securityfocus.com/bid/26355

www.ubuntu.com/usn/usn-700-1

www.ubuntu.com/usn/usn-700-2

www.vupen.com/english/advisories/2007/3755

access.redhat.com/errata/RHSA-2010:0505

bugzilla.redhat.com/show_bug.cgi?id=295021

exchange.xforce.ibmcloud.com/vulnerabilities/38285

issues.rpath.com/browse/RPL-1716

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11658

EPSS

0.008

Percentile

82.4%

Related for VERACODE:24064

openvas18 prion1 nessus8 gentoo1 seebug1 cvelist1 oraclelinux1 centos1 cve1 redhat1 fedora2 ubuntucve1 nvd1 debiancve1 ubuntu2