CVE-2018-20835

Exploit

EPSS 0.19%
Veröffentlicht 30.04.2019 19:29:03
Zuletzt bearbeitet 21.11.2024 04:02:16
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability was found in tar-fs before 1.16.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the existing file content.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Tar-fs Project ≫ Tar-fs Version < 1.16.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.19%	0.402

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:N/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://hackerone.com/reports/344595

Third Party Advisory

Exploit

https://github.com/mafintosh/tar-fs/commit/06672828e6fa29ac8551b1b6f36c852a9a3c58a2

Patch

Third Party Advisory

https://github.com/mafintosh/tar-fs/compare/d590fc7...a35ce2f

Patch

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-20835

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-20835

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-20835

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2018-20835