VDB
CVE-2007-4134
CVE-2007-4134
PUBLISHED
CVSS 6.800000190734863 MEDIUM
Directory traversal vulnerability in extract.c in star before 1.5a84 allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.
EPSS 2.78% · 86.4th percentile
Risk Scores
CVSS 2.0
6.800000190734863
EPSS Score
2.78%
86.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | * |
| redhat | fedora | 7 |
Timeline
- Aug 30, 2007 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 27, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 3, 2023 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 26, 2023 EPSS Score
References
- GLSA-200710-23 vendor-advisory
- 26626 third-party-advisory
- http://support.avaya.com/elmodocs2/security/ASA-2007-414.htm url
- 26673 third-party-advisory
- 20070907 FLEA-2007-0051-1 star mailing-list
- oval:org.mitre.oval:def:11098 vdb
- RHSA-2007:0873 vendor-advisory
- 26857 third-party-advisory
- https://issues.rpath.com/browse/RPL-1669 url
- https://bugs.gentoo.org/show_bug.cgi?id=189690 url
- 1018646 vdb
- 20070901-01-P vendor-advisory
- 26672 third-party-advisory
- ftp://ftp.berlios.de/pub/star/alpha/AN-1.5a84 url
- FEDORA-2007-1852 vendor-advisory
- 27544 third-party-advisory
- 27318 third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2007-4134 advisory