VDB

ALPINE-CVE-2018-12015

ALPINE-CVE-2018-12015 PUBLISHED CVSS 7.5 HIGH

In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.

Risk Scores

CVSS 3.0
7.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products

VendorProductVersions
Alpine:v3.10perl5.16.1-r0, 5.18.0-r0, 5.18.1-r0
Alpine:v3.24perl0, 0
Alpine:v3.6perl5.10.0-r1, 0, 5.10.0-r0
Alpine:v3.20perl5.12.2-r1, 0, 0
Alpine:v3.5perl5.14.1-r0, 5.16.2-r0, 0
Alpine:v3.22perl0, 5.26.2-r0, 5.26.1-r1
Alpine:v3.18perl0, 0, 0
Alpine:v3.14perl5.24.0-r0, 0, 5.10.0-r0
Alpine:v3.17perl0, 0, 0
Alpine:v3.12perl0, 5.10.0-r0, 5.10.0-r1
Alpine:v3.15perl5.10.0-r1, 0, 5.10.0-r0
Alpine:v3.13perl5.10.0-r1, 5.10.0-r0, 0
Alpine:v3.16perl5.18.0-r0, 0, 5.10.0-r1
Alpine:v3.11perl5.12.2-r1, 0, 0
Alpine:v3.19perl5.20.2-r0, 5.10.1-r2, 5.12.1-r0
Alpine:v3.8perl5.10.1-r1, 5.10.1-r0, 5.10.0-r1
Alpine:v3.7perl5.24.0-r1, 0, 5.26.2-r0
Alpine:v3.23perl0, 5.10.0-r1, 5.10.1-r0
Alpine:v3.9perl5.18.0-r0, 5.10.1-r0, 5.10.1-r1
Alpine:v3.21perl0, 5.10.0-r0, 5.10.0-r1

Timeline

  • Jun 7, 2018 CVE Published
  • Apr 30, 2026 Distribution Patch
  • Jun 9, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›