CVE-2018-12015
HIGH severity · CVSS 7.5 · CWE-59
Summary
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
Impact & exploitability
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality impact: None
Integrity impact: High
Availability impact: None
Exploit probability (EPSS): 8%
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected products we track (1)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Official patch: https://security.netapp.com/advisory/ntap-20180927-0001/
Additional information
- NVD record
- https://security.netapp.com/advisory/ntap-20180927-0001/ (Patch)
- http://seclists.org/fulldisclosure/2019/Mar/49 (Advisory)
- http://www.securityfocus.com/bid/104423 (Advisory)
- http://www.securitytracker.com/id/1041048 (Advisory)
- https://access.redhat.com/errata/RHSA-2019:2097
- https://seclists.org/bugtraq/2019/Mar/42 (Advisory)
- https://support.apple.com/kb/HT209600 (Advisory)
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900834 (Advisory)