Vulnerability CVE-2018-20990


Published: 2019-08-26

Description:
An issue was discovered in the tar crate before 0.4.16 for Rust. Arbitrary file overwrite can occur via a symlink or hardlink in a TAR archive.

Type: CWE-59 (Improper Link Resolution Before File Access ('Link Following'))

Vendor: Tar project
Product: TAR 
Version:
0.4.9
0.4.8
0.4.7
0.4.6
0.4.5
0.4.4
0.4.3
0.4.2
0.4.15
0.4.14
0.4.13
0.4.12
0.4.11
0.4.10
0.4.1
0.4.0
0.3.4
0.3.3
0.3.2
0.3.1
0.3.0
0.2.9
0.2.8
0.2.7
0.2.6
0.2.5
0.2.4
0.2.2
0.2.14
0.2.13
0.2.12
0.2.11
0.2.10
0.2.1
0.1.9
0.1.8
0.1.7
0.1.6
0.1.11
0.1.10
0.1.0

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:P)

CVSS Base Score: 6.4/10
Impact Subscore: 4.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: Partial

 References:
https://rustsec.org/advisories/RUSTSEC-2018-0002.html

Copyright 2019, cxsecurity.com

 
