CVE-2002-0399

GNU Tar - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, allows attackers to overwrite arbitrary files during archive extraction via a (1) "/.." or (2) "./.." string, which removes the leading slash but leaves the "..", a variant of CVE-2001-1267.

References (18)

Scores

EPSS 0.0120
EPSS Percentile 78.7%

Classification

Status draft

Affected Products (1)

gnu/tar

Timeline

Published Oct 10, 2002
Tracked Since Feb 18, 2026