Path Traversal in Gnu Tar
CVE-2016-6321
Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitizat…
Vulnerability class: Path Traversal (Directory Traversal)
EPSS: 0.152 (96.3th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N.
Affected products
- Gnu Tar — versions 1.14, 1.15, 1.15.1
- N/a — versions n/a
Weakness classification (CWE)
Public proof-of-concept exploits
References
- secalert@redhat.com (mailing-list, Patch, x_refsource_FULLDISC, Mailing List, Third Party Advisory)
- secalert@redhat.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
- secalert@redhat.com (vendor-advisory, x_refsource_GENTOO)
- secalert@redhat.com (mailing-list, x_refsource_FULLDISC, Mailing List, Third Party Advisory)
- secalert@redhat.com (x_refsource_CONFIRM, Patch, Issue Tracking)
- secalert@redhat.com (Vendor Advisory, mailing-list, x_refsource_MLIST, Mailing List)
- secalert@redhat.com (vendor-advisory, x_refsource_DEBIAN)
- secalert@redhat.com (Third Party Advisory, x_refsource_MISC)
- secalert@redhat.com (Exploit, VDB Entry, Third Party Advisory, x_refsource_MISC)
- secalert@redhat.com (x_refsource_UBUNTU, vendor-advisory)
Frequently asked questions
- What is CVE-2016-6321?
- CVE-2016-6321 is a high-severity vulnerability in Gnu Tar, classified under Path Traversal. CVSS score: 7.5/10. Published 2016-12-09.
- How severe is CVE-2016-6321?
- High severity. CVSS v3 base score is 7.5 out of 10.
- Is CVE-2016-6321 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.