VYPR
Unrated severityNVD Advisory· Published Aug 25, 2007· Updated Jun 16, 2026

CVE-2007-4131

CVE-2007-4131

Description

Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

17
  • GNU/Tar17 versions
    cpe:2.3:a:gnu:tar:1.13:*:*:*:*:*:*:*+ 16 more
    • cpe:2.3:a:gnu:tar:1.13:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:tar:1.13.11:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:tar:1.13.14:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:tar:1.13.16:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:tar:1.13.17:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:tar:1.13.18:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:tar:1.13.19:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:tar:1.13.25:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:tar:1.13.5:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:tar:1.14:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:tar:1.14.90:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:tar:1.15:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:tar:1.15.1:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:tar:1.15.90:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:tar:1.15.91:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:tar:1.16:*:*:*:*:*:*:*
    • (no CPE)

Patches

Vulnerability mechanics

References

38

News mentions

0

No linked articles in our index yet.