CVE-2020-28949

HIGH KEV RANSOMWARE

Archive_Tar <1.4.10 - Code Injection

Title source: llm

Description

Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.

Exploits (2)

vulncheck_xdb WORKING POC

client-side

https://github.com/JinHao-L/PoC-for-CVE-2020-28948-CVE-2020-28949

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by gwillcox-r7, xorathustra · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/fileformat/archive_tar_arb_file_write.rb

View Code ZIP pw:eip

References (13)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/161095/PEAR-Archive_Tar-Arbitrary-File-Write.html

[Exploit, Issue Tracking, Vendor Advisory] https://github.com/pear/Archive_Tar/issues/33

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2020/11/msg00045.html

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4V35LBRM6HBCXBVCITKQ4UEBTXO2EG7B/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KSFM672XW3X6BR7TVKRD63SLZGKK437/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWM4CTMEGAC4I2CHYNJVSROY4CVXVEUT/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NBYZSHYTIOBK6V7C4N7TP6KIKCRKLVWP/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N/

[Third Party Advisory] https://security.gentoo.org/glsa/202101-23

[Mailing List, Third Party Advisory] https://www.debian.org/security/2020/dsa-4817

[Third Party Advisory] https://www.drupal.org/sa-core-2020-013

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-28949

Scores

CVSS v3 7.8

EPSS 0.9296

EPSS Percentile 99.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitation Intel

CISA KEV 2022-08-25

VulnCheck KEV 2022-08-25

InTheWild.io 2022-08-25

ENISA EUVD EUVD-2021-0783

Ransomware Use Confirmed

Classification

Status published

Affected Products (9)

php/archive_tar < 1.4.12

debian/debian_linux

fedoraproject/fedora

drupal/drupal < 7.75

pear/archive_tar < 1.4.11Packagist

Timeline

Published Nov 19, 2020

KEV Added Aug 25, 2022

Tracked Since Feb 18, 2026