CVE-2018-20834
ADVISORY - github
Summary
Versions of tar prior to 4.4.2 for 4.x and 2.2.2 for 2.x are vulnerable to Arbitrary File Overwrite. Extracting a tarball that contains a hardlink to a file that already exists on the system, together with a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file.
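To screen an archive for the entry pattern in the summary before it reaches an unpatched extractor, the following added example (not code from the advisory or from the tar project) walks the headers and reports any path that appears as a hardlink entry and later as a regular file entry. It assumes the POSIX ustar header layout; `findLinkThenFile`, `header`, `SAMPLE` and the file names are hypothetical.

```javascript
// Added example: flags the entry pattern the advisory describes.
// Headers are only read; nothing is extracted or written to disk.
const BLOCK = 512;

// Read a NUL-terminated string field from a 512-byte header block.
function field(block, off, len) {
  const raw = block.subarray(off, off + len);
  const end = raw.indexOf(0);
  return raw.subarray(0, end === -1 ? len : end).toString('utf8');
}

// Return paths that appear first as a hardlink entry (typeflag '1') and
// later as a regular file entry (typeflag '0' or NUL).
function findLinkThenFile(tarBuf) {
  const links = new Map(); // entry path -> hardlink target
  const findings = [];
  let pos = 0;
  while (pos + BLOCK <= tarBuf.length) {
    const hdr = tarBuf.subarray(pos, pos + BLOCK);
    if (hdr.every((b) => b === 0)) break; // end-of-archive marker
    const prefix = field(hdr, 345, 155); // ustar prefix field
    const path = ((prefix ? prefix + '/' : '') + field(hdr, 0, 100)).replace(/^(\.\/)+/, '');
    // Octal size; base-256 sizes used for very large files are not handled.
    const size = parseInt(field(hdr, 124, 12).trim(), 8) || 0;
    const type = field(hdr, 156, 1) || '0';
    if (type === '1') links.set(path, field(hdr, 157, 100));
    if (type === '0' && links.has(path)) findings.push({ path, linkTarget: links.get(path) });
    pos += BLOCK + Math.ceil(size / BLOCK) * BLOCK; // header + padded data
  }
  return findings;
}

// Constructed test input. The checksum field is left blank, so this is
// parser input only, not an archive a real extractor would accept.
function header(name, type, linkname = '', size = 0) {
  const h = Buffer.alloc(BLOCK);
  h.write(name, 0);
  h.write(size.toString(8).padStart(11, '0'), 124);
  h.write(type, 156);
  h.write(linkname, 157);
  return h;
}
const SAMPLE = Buffer.concat([
  header('app.conf', '1', 'existing-file.txt'), // hardlink entry
  header('app.conf', '0', '', 5), Buffer.alloc(BLOCK, 'x'), // same path as a file
  Buffer.alloc(BLOCK * 2), // end-of-archive
]);
console.log(findLinkThenFile(SAMPLE));
```

A finding is a reason to quarantine the archive; the fix itself remains the upgrade listed under Recommendation.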
Recommendation
For tar 4.x, upgrade to version 4.4.2 or later. For tar 2.x, upgrade to version 2.2.2 or later.
EPSS Score: 0.00762 (0.730)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Improper Link Resolution Before File Access ('Link Following')
ADVISORY - github
Improper Link Resolution Before File Access ('Link Following')
ADVISORY - gitlab
ADVISORY - redhat
Improper Link Resolution Before File Access ('Link Following')