Skip to content

803:tar:Arbitrary File Overwrite #16

New issue
New issue
Open
Open
803:tar:Arbitrary File Overwrite#16
Assignees
ambergkim
Labels
highsecurity
@ambergkim

Description

@ambergkim
ambergkim
opened on Feb 15, 2020

No CVE
CWE CWE-59
References: - HackerOne Report
Versions of tar prior to 4.4.2 for 4.x and 2.2.2 for 2.x are vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink will overwrite the system's file with the contents of the extracted file.
@ambergkim

Metadata

Metadata

Assignees

Labels

highsecurity

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions