VDB
JLSEC-2025-197
JLSEC-2025-197
PUBLISHED
CVSS 8.5 HIGH
GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a c...
Risk Scores
CVSS 4.0
8.5
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Julia | Tar_jll | 0, 0 |
Timeline
- Nov 3, 2025 CVE Published
- Nov 6, 2025 CVE Updated
References
- https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md url
- https://lists.gnu.org/archive/html/bug-tar/2025-08/msg00012.html url
- https://www.gnu.org/software/tar/ url
- https://www.gnu.org/software/tar/manual/html_node/Integrity.html url
- https://www.gnu.org/software/tar/manual/html_node/Security-rules-of-thumb.html url
- http://www.openwall.com/lists/oss-security/2025/11/01/6 url