PT-2014-2786 · None+1 · Libtar+1

Published: 2014-02-20
Updated: 2025-04-09
CVE-2013-4420

CVSS v2.0: 5.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions

libtar versions 1.2.20 and earlier

Description

The issue concerns multiple directory traversal vulnerabilities in the tar_extract_glob and tar_extract_all functions. These vulnerabilities allow remote attackers to overwrite arbitrary files by including a .. (dot dot) in a crafted tar file.

Recommendations

For libtar versions 1.2.20 and earlier, consider disabling the tar_extract_glob and tar_extract_all functions until a patch is available to prevent remote attackers from exploiting these vulnerabilities. Restrict access to the tar file processing functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
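
A caller-side check for the condition the description names, as an added example (not libtar code and not part of this advisory): it classifies archive member names before anything is written to disk. The names member_path_is_safe, count_unsafe and SAMPLE_NAMES are hypothetical, and the strict rejection of every ".." component is this example's assumption.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Strict policy (an assumption of this example): refuse empty names,
 * absolute names, and any ".." component, even one that would resolve
 * back inside the destination directory. */
bool member_path_is_safe(const char *name)
{
    if (name == NULL || name[0] == '\0' || name[0] == '/')
        return false;               /* empty, or absolute path */

    for (const char *p = name; *p != '\0'; ) {
        size_t len = strcspn(p, "/");   /* length of this component */
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return false;           /* ".." climbs out of the prefix */
        p += len;
        while (*p == '/')           /* skip one or more separators */
            p++;
    }
    return true;
}

/* Number of names in a list that the policy rejects. */
size_t count_unsafe(const char *const names[], size_t n)
{
    size_t bad = 0;
    for (size_t i = 0; i < n; i++)
        if (!member_path_is_safe(names[i]))
            bad++;
    return bad;
}

/* Constructed sample member names, not taken from a real archive. */
static const char *const SAMPLE_NAMES[] = {
    "docs/readme.txt",      /* accepted */
    "../outside.txt",       /* rejected: leading ".." */
    "docs/../../outside",   /* rejected: ".." in the middle */
    "/etc/example.conf",    /* rejected: absolute */
    "docs/..hidden/file",   /* accepted: "..hidden" is an ordinary name */
    "a//b/./c",             /* accepted: empty and "." components stay inside */
    "docs/..",              /* rejected: trailing ".." */
};
int main(void)
{
    size_t n = sizeof SAMPLE_NAMES / sizeof SAMPLE_NAMES[0];
    printf("%zu of %zu names rejected\n", count_unsafe(SAMPLE_NAMES, n), n);
    return 0;
}
```

The check looks only at the member name as a string; it does not resolve symbolic links that already exist under the destination directory.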

Weakness Enumeration

Path traversal

Related Identifiers

ALT-PU-2020-3172
ALT-PU-2020-3184
ALT-PU-2025-5034
AZL-34945
AZL-6651
CVE-2013-4420
DSA-2863-1
MGASA-2014-0090

Affected Products

Alt Linux
Libtar