Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, allows attackers to overwrite arbitrary files during archive extraction via a (1) /.. or (2) ./.. string, which removes the leading slash but leaves the .., a variant of CVE-2001-1267.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Tar | Gnu | 1.13.25 | 1.13.25 |