PT-2017-7783 · Ruby+1 · Minitar+2

Michal Marek

Publicado

2017-01-31

Atualizado

2026-03-13

CVE-2016-10173

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions minitar versions prior to 0.6 archive-tar-minitar version 0.5.2

Description The issue allows remote attackers to write to arbitrary files via a .. (dot dot) in a TAR archive entry. This is a directory traversal vulnerability in the minitar and archive-tar-minitar gems for Ruby.

Recommendations For minitar versions prior to 0.6, update to version 0.6 or later. For archive-tar-minitar version 0.5.2, consider disabling the use of TAR archive entries until a patch is available.

Exploit

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

CVE-2016-10173

DLA-808-1

DSA-3778-1

GHSA-CWP3-834G-X79G

GHSA-H5G2-38X9-4GV3

MGASA-2017-0060

OPENSUSE-SU-2024:11332-1

OPENSUSE-SU-2024:11338-1

OPENSUSE-SU-2024:13163-1

OPENSUSE-SU-2024:14172-1

OPENSUSE-SU-2025:15121-1

OPENSUSE-SU-2026:10354-1

SUSE-SU-2021:0115-1

SUSE-SU-2021_0115-1

Produtos afetados

Suse

Archive-Tar-Minitar

Minitar

PT-2017-7783 · Ruby+1 · Minitar+2

CVE-2016-10173

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 35