VDB
GCVE-110-MAGEIA-2014-90
GCVE-110-MAGEIA-2014-90
Advisory Published
A directory traversal attack was reported against libtar, a C library for
manipulating tar archives. The application does not validate the filenames
inside the tar archive, allowing to extract files in arbitrary path. An
attacker can craft a tar file to override files beyond the tar_extract_glob
and tar_extract_all prefix parameter (CVE-2013-4420).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | libtar | 0 (affected), 1.2.18-2.2.mga3 (unaffected), 0 (affected), 1.2.18-2.2.mga3 (unaffected) | — |
| Mageia | flash-player-plugin | 0 (affected), 11.2.202.346-1.1.mga4.nonfree (unaffected) | — |
| Mageia | flash-player-plugin | 0 (affected), 11.2.202.346-1.1.mga3.nonfree (unaffected) | — |
| Mageia | libtar | 0 (affected), 1.2.20-2.1.mga4 (unaffected), 0 (affected), 1.2.20-2.1.mga4 (unaffected) | — |
Aliases
References
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.