CVE-2016-10173 (minitar): Minitar Directory Traversal Vulnerability

ADVISORIES

CVE-2016-10173 (NVD)
GHSA-h5g2-38x9-4gv3
Vendor Advisory

GEM

minitar

SEVERITY

CVSS v3.x: 7.5 (High)

PATCHED VERSIONS

>= 0.6.0

DESCRIPTION

Minitar allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename. Analogous vulnerabilities for unzip and tar: https://www.cvedetails.com/cve/CVE-2001-1268/ and http://www.cvedetails.com/cve/CVE-2001-1267/

Credit: ecneladis

https://github.com/halostatue/minitar/issues/16
https://github.com/halostatue/minitar/commit/e25205ecbb6277ae8a3df1e6a306d7ed4458b6e4

RubySec

CVE-2016-10173 (minitar): Minitar Directory Traversal Vulnerability

ADVISORIES

GEM

SEVERITY

PATCHED VERSIONS

DESCRIPTION

RELATED

Recent Advisories