PT-2020-6223 · Pear+6 · Archive Tar+6

Luke Stewart · Published 2020-11-17 · Updated 2025-11-07 · CVE-2020-28949

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Archive Tar versions 1.4.10 and earlier
Description: The issue relates to deserialization of untrusted data in the Archive Tar class of the PEAR PHP library. A remote attacker can overwrite protected files with a specially crafted .tar archive, exploiting insufficient sanitization of special elements in the output. The vulnerability can be exploited through stream-wrapper attacks, such as a file:// entry name used to overwrite files; these are not fully addressed by the existing :// filename sanitization.
Recommendations: For Archive Tar versions 1.4.10 and earlier, consider disabling the use of the Archive Tar class until a patch is available, or restrict access to the vulnerable Archive Tar component to minimize the risk of exploitation. Avoid using the file:// stream wrapper in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
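As an added example (not code from this page or from the PEAR project), a pre-extraction check a defender can run over an untrusted .tar before it reaches Archive_Tar: it flags entry names that begin with a stream-wrapper scheme such as file:// or phar://, absolute paths, and .. traversal, and checks link targets the same way. The scheme regex and the in-memory sample archive are assumptions constructed for this example.

```python
import io
import re
import tarfile
from typing import List, Optional, Tuple

# An entry name that starts with a scheme (file://, phar://, ...) would be handed to a
# PHP stream wrapper instead of being written under the extraction directory.
# Assumption: this pattern approximates PHP wrapper syntax; it is not Archive_Tar code.
WRAPPER_RE = re.compile(r"^[A-Za-z][A-Za-z0-9+.\-]*://")


def classify_entry_name(name: str) -> Optional[str]:
    """Return why an entry name is unsafe to extract, or None if it looks fine."""
    if WRAPPER_RE.match(name) or "://" in name:
        return "stream-wrapper prefix"
    if name.startswith(("/", "\\")):
        return "absolute path"
    if ".." in re.split(r"[\\/]+", name):
        return "path traversal"
    return None


def unsafe_entries(tar_bytes: bytes) -> List[Tuple[str, str]]:
    """List (entry name, reason) for every member that must not reach an extractor."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tf:
        for member in tf:
            reason = classify_entry_name(member.name)
            if reason is None and (member.issym() or member.islnk()):
                # A link target is a second path the extractor may follow.
                reason = classify_entry_name(member.linkname)
            if reason:
                findings.append((member.name, reason))
    return findings


def build_sample_tar() -> bytes:
    """Constructed sample archive: one ordinary entry and two that must be rejected."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name in ("site/index.php", "file:///tmp/example.txt", "../outside.txt"):
            data = b"sample content\n"
            info = tarfile.TarInfo(name=name)  # TarInfo keeps the name verbatim
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in unsafe_entries(build_sample_tar()):
        print(f"REJECT {name!r}: {reason}")
```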

Exploit

Special Elements Injection

Deserialization of Untrusted Data


Weakness Enumeration

Related Identifiers

ALSA-2022:6542
BDU:2021-03618
BIT-DRUPAL-2020-28948
BIT-DRUPAL-2020-28949
CESA-2022_6542
CVE-2020-28949
DLA-2465-1
DLA-2466-1
DRUPAL-CORE-2020-013
DSA-4817-1
GHSA-75C5-F4GW-38R9
GHSA-JH5X-HFHG-78JQ
MGASA-2020-0453
RHSA-2022:6541
RHSA-2022:6542
RHSA-2022:7340
RHSA-2022_6542
RHSA-2022_7340
RLSA-2022:6542
USN-4654-1
USN-6981-1
USN-6981-2

Affected Products

Almalinux
Archive Tar
Centos
Linuxmint
Red Hat
Rocky Linux
Ubuntu