CVE-2024-0406

MEDIUM

Mholt Archiver < 4.0.0 - Path Traversal

Description

A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the privileges of the user or application using the library.

Exploits (2)

nomisec WORKING POC 5 stars
by walidpyh · poc
https://github.com/walidpyh/CVE-2024-0406-POC
nomisec WORKING POC
by veissa · poc
https://github.com/veissa/Desires

Scores

CVSS v3 6.1
EPSS 0.1729
EPSS Percentile 95.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N

Details

CWE
CWE-22
Status published
Products (4)
mholt/archiver 3.0.0 (2 CPE variants) Go
mholt/archiver 3.0.0 - 4.0.0
redhat/advanced_cluster_security 3.0
redhat/openshift_container_platform 4.18 - 4.18.4
Published Apr 06, 2024
Tracked Since Feb 18, 2026