Description
A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files onto a system without detection.
Mitigation
To mitigate this issue, avoid extracting archives from untrusted sources. If processing untrusted archives is necessary, do so within a sandboxed environment to limit potential impact.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | tar | Fix deferred | | |
| Red Hat Enterprise Linux 6 | tar | Fix deferred | | |
| Red Hat Enterprise Linux 7 | tar | Fix deferred | | |
| Red Hat Enterprise Linux 8 | tar | Fix deferred | | |
| Red Hat Enterprise Linux 9 | tar | Fix deferred | | |
| Red Hat Hardened Images | tar | Affected | | |
Additional information
Status:
5 Medium
CVSS3