CVE-2018-20835

Опубликовано: 30 апр. 2019

Источник: nvd

CVSS3: 7.5

CVSS2: 6.4

EPSS Низкий

Описание

A vulnerability was found in tar-fs before 1.16.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the existing file content.

Ссылки

https://github.com/mafintosh/tar-fs/commit/06672828e6fa29ac8551b1b6f36c852a9a3c58a2
Patch
Third Party Advisory
https://github.com/mafintosh/tar-fs/compare/d590fc7...a35ce2f
Patch
Third Party Advisory
https://hackerone.com/reports/344595
Exploit
Third Party Advisory
https://github.com/mafintosh/tar-fs/commit/06672828e6fa29ac8551b1b6f36c852a9a3c58a2
Patch
Third Party Advisory
https://github.com/mafintosh/tar-fs/compare/d590fc7...a35ce2f
Patch
Third Party Advisory
https://hackerone.com/reports/344595
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tar-fs_project:tar-fs:*:*:*:*:*:*:*:*

Версия до 1.16.2 (исключая)

EPSS

Процентиль: 41%

0.00189

Низкий

7.5 High

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

CVE-2018-20835

CVSS3: 7.5

debian

почти 7 лет назад

A vulnerability was found in tar-fs before 1.16.2. An Arbitrary File O ...

GHSA-x2mc-8fgj-3wmr

CVSS3: 7.5

github

почти 7 лет назад

Improper Input Validation in tar-fs

EPSS

Процентиль: 41%

0.00189

Низкий

7.5 High

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-20