VDB
CVE-2002-0399
CVE-2002-0399
PUBLISHED
Reported by mitre · Published October 1, 2002
Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, allows attackers to overwrite arbitrary files during archive extraction via a (1) "/.." or (2) "./.." string, which removes the leading slash but leaves the "..", a variant of CVE-2001-1267.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| n/a | n/a | *, n/a, n/a |
Timeline
- Oct 1, 2002 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 17, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 1, 2023 EPSS Score
- May 24, 2023 EPSS Score
- Jul 15, 2023 EPSS Score
- Sep 6, 2023 EPSS Score
References
- 47800 vendor-advisoryx_refsource_SUNALERT
- 26673 third-party-advisoryx_refsource_SECUNIA
- RHSA-2002:096 vendor-advisoryx_refsource_REDHAT
- 5834 vdb-entryx_refsource_BID
- SUSE-SR:2007:019 vendor-advisoryx_refsource_SUSE
- SUSE-SR:2006:005 vendor-advisoryx_refsource_SUSE
- ESA-20021003-022 vendor-advisoryx_refsource_ENGARDE
- x_refsource_CONFIRM
- 20020928 GNU tar (Re: Allot Netenforcer problems, GNU TAR flaw) mailing-listx_refsource_BUGTRAQ
- CLA-2002:538 vendor-advisoryx_refsource_CONECTIVA
- 20070827 FLEA-2007-0049-1 tar mailing-listx_refsource_BUGTRAQ
- 26987 third-party-advisoryx_refsource_SECUNIA
- 19130 third-party-advisoryx_refsource_SECUNIA
- 26604 third-party-advisoryx_refsource_SECUNIA
- archive-extraction-directory-traversal(10224) vdb-entryx_refsource_XF
- 1000928 vendor-advisoryx_refsource_SUNALERT
- MDKSA-2002:066 vendor-advisoryx_refsource_MANDRAKE
- 20070825 rPSA-2007-0172-1 tar mailing-listx_refsource_BUGTRAQ