Critical severityNVD Advisory· Published Feb 28, 2006· Updated Apr 16, 2026

CVE-2006-0931

Description

Directory traversal vulnerability in PEAR::Archive_Tar 1.2, and other versions before 1.3.2, allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a TAR archive.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
pear/archive_tarPackagist	>= 1.2, < 1.3.2	1.3.2

Affected products

Pear/Pear Archive Tar
cpe:2.3:a:pear:pear_archive_tar:*:*:*:*:*:*:*:*
Range: <=1.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/19011nvdVendor Advisory
www.hamid.ir/security/phptar.txtnvdVendor AdvisoryWEB
github.com/advisories/GHSA-f3xw-vgc7-f7h8ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2006-0931ghsaADVISORY
pear.php.net/bugs/bug.phpnvdWEB
pear.php.net/package/Archive_Tar/downloadghsaWEB
pear.php.net/package/Archive_Tar/download/nvd
www.osvdb.org/23481nvd
www.securityfocus.com/archive/1/425967/100/0/threadednvd
www.securityfocus.com/bid/16805nvd
www.vupen.com/english/advisories/2006/0728nvd

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000