CVE-2013-4420
libtar - directory traversal
EPSS 0.38%
Description
Multiple directory traversal vulnerabilities in the (1) tar_extract_glob and (2) tar_extract_all functions in libtar 1.2.20 and earlier allow remote attackers to overwrite arbitrary files via a .. (dot dot) in a crafted tar file.
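The defensive check that this class of bug calls for is to validate each member's pathname before it is used to create a file under the extraction directory. The following is an added example (not libtar's own code; the function names `tar_path_is_safe` and `count_rejected` and the sample member names are constructed for illustration) that refuses absolute paths and any `..` component, which is exactly the shape of path the description above refers to:

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not libtar code: decide whether a tar member pathname
 * may be extracted beneath a chosen destination directory.  Rejects an
 * absolute path and any path component equal to "..", however deep it
 * sits, which is the traversal shape CVE-2013-4420 describes. */
bool tar_path_is_safe(const char *path)
{
    if (path == NULL || path[0] == '\0')
        return false;
    if (path[0] == '/')               /* absolute: escapes the destination */
        return false;

    const char *p = path;
    while (*p != '\0') {
        const char *slash = strchr(p, '/');
        size_t len = slash ? (size_t)(slash - p) : strlen(p);
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return false;             /* ".." component */
        if (slash == NULL)
            break;
        p = slash + 1;                /* next component */
    }
    return true;
}

/* Constructed sample member names from a hypothetical archive. */
static const char *const sample_members[] = {
    "pkg/README",
    "pkg/../../../etc/passwd",
    "/etc/passwd",
    "pkg/..hidden/file",   /* "..hidden" is not a ".." component: allowed */
    "../evil",
    "pkg/sub/./file",
};

/* Walk the constructed sample and return how many members would be refused. */
int count_rejected(void)
{
    int rejected = 0;
    size_t n = sizeof sample_members / sizeof sample_members[0];
    for (size_t i = 0; i < n; i++) {
        if (!tar_path_is_safe(sample_members[i])) {
            rejected++;
            printf("refusing to extract: %s\n", sample_members[i]);
        }
    }
    return rejected;
}

int main(void)
{
    printf("%d members rejected\n", count_rejected());
    return 0;
}
```

The check is deliberately conservative: a name such as `pkg/../pkg/file` would resolve inside the destination but is still refused, because accepting it requires normalising the path and reasoning about what already exists on disk. Note that rejecting `..` addresses the traversal described here but not symlink members pointing outside the destination, which an extractor has to handle separately.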
How to fix CVE-2013-4420
To remediate CVE-2013-4420, upgrade the affected package to one of the fixed versions listed below.
- Debian/libtar—upgrade to 1.2.20-2 or later
- Debian/libtar—upgrade to 1.2.11-6+deb6u2 or later
Is CVE-2013-4420 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Debian/libtar: all versions from 0 up to, but not including, 1.2.20-2
- Debian/libtar: all versions from 0 up to, but not including, 1.2.11-6+deb6u2