Vulnerability in Gnu Tar
CVE-2006-6097
GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archiv…
EPSS: 0.107 (95.3th percentile) — read the EPSS interpretation.
Affected products
- Gnu Tar — versions 1.15.1, 1.16
- N/a — versions n/a
References
- cve@mitre.org (x_refsource_SECUNIA, third-party-advisory)
- cve@mitre.org (x_refsource_OVAL, signature, vdb-entry)
- cve@mitre.org (x_refsource_CONFIRM)
- cve@mitre.org (x_refsource_SREASON, third-party-advisory)
- cve@mitre.org (US Government Resource, x_refsource_CERT, third-party-advisory)
- cve@mitre.org (Exploit, vdb-entry, x_refsource_BID)
- cve@mitre.org (x_refsource_SECUNIA, third-party-advisory)
- cve@mitre.org (mailing-list, Exploit, x_refsource_FULLDISC)
- cve@mitre.org (x_refsource_CONFIRM)
- cve@mitre.org (vendor-advisory, x_refsource_APPLE)