PT-2017-7783 · Ruby+1 · Minitar+2

Michal Marek · Published 2017-01-31 · Updated 2026-03-13 · CVE-2016-10173

CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions
minitar versions prior to 0.6
archive-tar-minitar version 0.5.2

Description
The issue allows remote attackers to write to arbitrary files via a .. (dot dot) in a TAR archive entry. This is a directory traversal vulnerability in the minitar and archive-tar-minitar gems for Ruby.

Recommendations
For minitar versions prior to 0.6, update to version 0.6 or later. For archive-tar-minitar version 0.5.2, consider disabling the use of TAR archive entries until a patch is available.
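
A pre-extraction check for the traversal described above, as an added example that is not code from minitar, archive-tar-minitar or this advisory. The function names, the destination `/srv/unpack` and the sample entry names are constructed for illustration.

```ruby
# Added example (not the gems' code). All names here are hypothetical.
# Resolves a TAR entry name against the extraction directory and returns the
# absolute target path, or nil when the entry would land outside dest_dir.
# Lexical check only: symlinks already present under dest_dir are not resolved.
def safe_target(dest_dir, entry_name)
  return nil if entry_name.nil? || entry_name.empty? || entry_name.include?("\0")
  # Absolute entry names are rejected outright rather than re-rooted.
  return nil if entry_name.start_with?("/")

  dest = File.expand_path(dest_dir)
  # Join first so a leading "~" stays a literal file name, then collapse "." and "..".
  target = File.expand_path(File.join(dest, entry_name))
  # Compare on a component boundary so "/srv/unpack-evil" does not pass for "/srv/unpack".
  return nil unless target.start_with?(dest + File::SEPARATOR)

  target
end

# Splits entry names into [accepted, rejected] for a given destination.
def audit_entries(dest_dir, entry_names)
  entry_names.partition { |name| safe_target(dest_dir, name) }
end

# Constructed sample entry names, as they might be read from an archive's headers.
SAMPLE_ENTRIES = [
  "docs/readme.txt",
  "./lib/a.rb",
  "a/../b.txt",            # contains ".." but stays inside the destination
  "~tilde.txt",            # literal file name, not a home directory
  "../outside.txt",
  "docs/../../outside.txt",
  "../unpack-evil/x.txt",  # sibling directory sharing the destination's prefix
  "/etc/abs.txt"
].freeze

accepted, rejected = audit_entries("/srv/unpack", SAMPLE_ENTRIES)
puts "accepted:"
accepted.each { |n| puts "  #{n} -> #{safe_target('/srv/unpack', n)}" }
puts "rejected:"
rejected.each { |n| puts "  #{n}" }
```

Rejecting the whole archive when any entry fails the check avoids a partially extracted tree.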

Exploit

Fix

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2016-10173
DLA-808-1
DSA-3778-1
GHSA-CWP3-834G-X79G
GHSA-H5G2-38X9-4GV3
MGASA-2017-0060
OPENSUSE-SU-2024:11332-1
OPENSUSE-SU-2024:11338-1
OPENSUSE-SU-2024:13163-1
OPENSUSE-SU-2024:14172-1
OPENSUSE-SU-2025:15121-1
OPENSUSE-SU-2026:10354-1
SUSE-SU-2021:0115-1
SUSE-SU-2021_0115-1

Affected Products

Suse
Archive-Tar-Minitar
Minitar