Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.
-
| Package | Type | OS Name | OS Version | Affected Ranges | Fix Versions |
|---|---|---|---|---|---|
| debian/tar | deb | debian | 12 | >=1.34+dfsg-1.2+deb12u1 | Not yet available |
| debian/tar | deb | debian | 13 | >=1.35+dfsg-3 | Not yet available |
| debian/tar | deb | debian | 10 | >=1.30+dfsg-6 | Not yet available |
| debian/tar | deb | debian | unstable | >=1.35+dfsg-3 | Not yet available |
| debian/tar | deb | debian | 11 | >=1.34+dfsg-1+deb11u1 | Not yet available |
Severity and metrics
No CVSS data available from this source.
10
1.0