CVE-2002-0399

Name of the Vulnerable Software and Affected Versions GNU tar versions 1.13.19 through 1.13.25

Description The issue concerns a directory traversal vulnerability that can be exploited to overwrite arbitrary files during archive extraction. This can be achieved via a "/.." or "./.." string, which removes the leading slash but leaves the "..". The vulnerability can be exploited remotely, potentially leading to a breach of protected information integrity.

Recommendations For GNU tar versions 1.13.19 through 1.13.25, consider restricting access to the archive extraction functionality until a patch is available. As a temporary workaround, avoid using the vulnerable versions for extracting archives from untrusted sources.