PT-2020-6225 · Php · Archive Tar

Luke Stewart · Published 2020-11-17 · Updated 2025-11-07

CVE-2020-28948
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Archive Tar versions 1.4.10 and earlier

Description: The issue allows an unserialization attack because the prefix check blocks phar: but not PHAR:. A remote attacker can exploit this to execute arbitrary PHP code using a specially crafted .tar archive. The underlying weakness is deserialization of untrusted data.

Recommendations: For Archive Tar versions 1.4.10 and earlier, consider disabling the use of PHAR: until a patch is available. As a temporary workaround, restrict the use of the Archive Tar class to minimize the risk of exploitation. Avoid processing specially crafted .tar archives that could trigger the unserialization attack.
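The weakness class behind this record, as an added illustration that is not Archive_Tar's own code: a case-sensitive prefix check of the kind that lets `PHAR:` through, beside a hardened check that normalizes case and rejects any stream-wrapper scheme. The function names and sample paths are hypothetical; the example also covers mixed-case variants beyond the single `PHAR:` spelling the description names.

```php
<?php
// Hypothetical, simplified checks illustrating CVE-2020-28948's weakness
// class. This is not Archive_Tar's implementation.

// Weak check: only an exact lowercase "phar:" prefix is rejected. PHP
// resolves stream-wrapper schemes case-insensitively, so "PHAR://..."
// still reaches the phar wrapper (and its metadata unserialization).
function weakIsSafePath(string $path): bool
{
    return strpos($path, 'phar:') !== 0;
}

// Hardened check: compare case-insensitively and, more generally, refuse
// any path that starts with a wrapper-style "scheme:" prefix. Archive
// entry names should never need a stream wrapper at all.
function hardenedIsSafePath(string $path): bool
{
    if (stripos($path, 'phar:') === 0) {
        return false;
    }
    // Generic rule: a leading scheme such as "data:", "php:", "PHAR:" is
    // rejected regardless of case.
    return preg_match('~^[a-z][a-z0-9+.\-]*:~i', $path) !== 1;
}

// Constructed sample entry names, showing where the weak check diverges.
$samples = [
    'docs/readme.txt',            // ordinary relative path: allowed by both
    'phar://a.phar/x.txt',        // lowercase: blocked by both
    'PHAR://a.phar/x.txt',        // the case the advisory describes
    'Phar://a.phar/x.txt',        // mixed case: also slips the weak check
    'data:text/plain,hello',      // other wrapper: only the hardened check blocks
];
foreach ($samples as $p) {
    printf("%-28s weak=%-5s hardened=%s\n", $p,
        weakIsSafePath($p) ? 'allow' : 'block',
        hardenedIsSafePath($p) ? 'allow' : 'block');
}
```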

Exploit · Fix

Weakness Enumeration

Special Elements Injection
Deserialization of Untrusted Data

Related Identifiers

ALSA-2022:6542
ALSA-2022_6542
BDU:2021-03621
BIT-DRUPAL-2020-28948
BIT-DRUPAL-2020-28949
CESA-2022_6542
CVE-2020-28948
DLA-2465-1
DLA-2466-1
DLA-2621-1
DRUPAL-CORE-2020-013
DSA-4817-1
ELSA-2022-6542
ELSA-2022-7340
GHSA-75C5-F4GW-38R9
GHSA-JH5X-HFHG-78JQ
MGASA-2020-0453
RHSA-2022:6541
RHSA-2022:6542
RHSA-2022:7340
RHSA-2022_6542
RHSA-2022_7340
RLSA-2022:6542
RLSA-2022_6542
USN-4654-1
USN-6981-1
USN-6981-2

Affected Products

Almalinux
Archive Tar
Centos
Linuxmint
Red Hat
Rocky Linux
Ubuntu