VYPR
Unrated severityNVD Advisory· Published Dec 31, 2005· Updated Jun 16, 2026

CVE-2005-1918

CVE-2005-1918

Description

The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/".

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

15
  • GNU/Tar2 versions
    cpe:2.3:a:gnu:tar:1.13.25:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:gnu:tar:1.13.25:*:*:*:*:*:*:*
    • (no CPE)
  • cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*+ 8 more
    • cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_servers:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*+ 1 more
    • cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*
    • cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*

Patches

Vulnerability mechanics

References

13

News mentions

0

No linked articles in our index yet.