High severity7.5NVD Advisory· Published Feb 1, 2017· Updated Jun 17, 2026
CVE-2016-10173
CVE-2016-10173
Description
Directory traversal vulnerability in the minitar before 0.6 and archive-tar-minitar 0.5.2 gems for Ruby allows remote attackers to write to arbitrary files via a .. (dot dot) in a TAR archive entry.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
archive-tar-minitarRubyGems | < 0.5.2 | 0.5.2 |
minitarRubyGems | < 0.6 | 0.6 |
Affected products
7- ghsa-coords5 versionspkg:gem/archive-tar-minitarpkg:gem/minitarpkg:rpm/opensuse/ruby3.2-rubygem-minitar&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/rubygem-minitar&distro=openSUSE%20Tumbleweedpkg:rpm/suse/rubygem-archive-tar-minitar&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2012
< 0.5.2+ 4 more
- (no CPE)range: < 0.5.2
- (no CPE)range: < 0.6
- (no CPE)range: < 0.9-1.13
- (no CPE)range: < 0.9-1.17
- (no CPE)range: < 0.5.2-7.3.65
Patches
Vulnerability mechanics
References
12- www.openwall.com/lists/oss-security/2017/01/24/7nvdMailing ListPatchThird Party AdvisoryWEB
- www.openwall.com/lists/oss-security/2017/01/29/1nvdMailing ListPatchThird Party AdvisoryWEB
- github.com/halostatue/minitar/commit/e25205ecbb6277ae8a3df1e6a306d7ed4458b6e4nvdPatchThird Party AdvisoryWEB
- github.com/halostatue/minitar/issues/16nvdExploitThird Party AdvisoryWEB
- www.securityfocus.com/bid/95874nvdThird Party AdvisoryVDB Entry
- github.com/advisories/GHSA-h5g2-38x9-4gv3ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2016-10173ghsaADVISORY
- www.debian.org/security/2017/dsa-3778nvdWEB
- security.gentoo.org/glsa/201702-32nvdWEB
- web.archive.org/web/20170214020917/http://www.securityfocus.com/bid/95874ghsaWEB
- web.archive.org/web/20201207111726/https://www.puppet.com/security/cve/cve-2016-10173ghsaWEB
- puppet.com/security/cve/cve-2016-10173nvd
News mentions
0No linked articles in our index yet.