Vulnerability Database

CVE-2007-4131

Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.

  • Published: Aug 25, 2007
  • Updated: Apr 13, 2023
  • CVE: CVE-2007-4131
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 6.8
  • AV:N/AC:M/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Software     From       Fixed in
gnu / tar    1.13       1.13.x
gnu / tar    1.13.5     1.13.5.x
gnu / tar    1.13.11    1.13.11.x
gnu / tar    1.13.14    1.13.14.x
gnu / tar    1.13.16    1.13.16.x
gnu / tar    1.13.17    1.13.17.x
gnu / tar    1.13.18    1.13.18.x
gnu / tar    1.13.19    1.13.19.x
gnu / tar    1.13.25    1.13.25.x
gnu / tar    1.14       1.14.x
gnu / tar    1.14.90    1.14.90.x
gnu / tar    1.15       1.15.x
gnu / tar    1.15.1     1.15.1.x
gnu / tar    1.15.90    1.15.90.x
gnu / tar    1.15.91    1.15.91.x
gnu / tar    1.16       1.16.x