What is CVE-2002-0399?

CVE-2002-0399 is a vulnerability in Gnu Tar. Published 2002-10-10.

Is CVE-2002-0399 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Gnu Tar

CVE-2002-0399

Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, allows attackers to overwrite arbitrary files during archive extraction via a (1) "/.." or (2) "./.." string, which removes the leading slas…

EPSS: 0.036 (87.9th percentile) — read the EPSS interpretation.

Affected products

Gnu Tar — versions 1.13.25
N/a — versions n/a

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

cve@mitre.org (vendor-advisory, x_refsource_SUNALERT)
cve@mitre.org (x_refsource_SECUNIA, third-party-advisory)
cve@mitre.org (x_refsource_REDHAT, vendor-advisory)
cve@mitre.org (vdb-entry, x_refsource_BID)
cve@mitre.org (vendor-advisory, x_refsource_SUSE)
cve@mitre.org (vendor-advisory, x_refsource_SUSE)
cve@mitre.org (vendor-advisory, x_refsource_ENGARDE)
cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (mailing-list, x_refsource_BUGTRAQ)
cve@mitre.org (vendor-advisory, x_refsource_CONECTIVA)

Frequently asked questions

What is CVE-2002-0399?: CVE-2002-0399 is a vulnerability in Gnu Tar. Published 2002-10-10.
Is CVE-2002-0399 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.