CVE-2024-0406

MEDIUM

mholt/archiver 3.0.0-4.0.0 - Path Traversal and Arbitrary File Write via Crafted Tar Archive


Exploitation Summary

EIP tracks 2 public exploits for CVE-2024-0406. PoCs published by walidpyh, veissa.

Description

A flaw was discovered in the mholt/archiver package. It allows an attacker to create a specially crafted tar file which, when unpacked, may allow access to restricted files or directories. This issue can allow files to be created or overwritten with the privileges of the user or application that uses the library.

Exploits (2)

nomisec WORKING POC 5 stars
by walidpyh · poc
https://github.com/walidpyh/CVE-2024-0406-POC

This repository contains a functional Python-based PoC for CVE-2024-0406, demonstrating a symlink-based tar archive extraction vulnerability that allows arbitrary file overwrite via path traversal. The exploit generates a malicious tar archive with a symlink and payload, then uploads it to a target endpoint.

Classification: Working PoC 95%
Attack Type: Other
Complexity: Moderate
Reliability: Reliable
Target: Applications using mholt/archiver/v3 3.5.0 and prior
Auth required
Prerequisites: Target system must use vulnerable tar extraction library · Ability to upload crafted tar archive to target
devstral-2 · analyzed Feb 18, 2026
nomisec WORKING POC
by veissa · poc
https://github.com/veissa/Desires

This repository contains a functional exploit PoC for CVE-2024-0406, demonstrating an archive extraction vulnerability in a Go-based web service. The exploit leverages insecure file handling during archive extraction to achieve arbitrary file write, potentially leading to remote code execution.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Custom Go web service (Desires challenge)
Auth required
Prerequisites: Valid user credentials · Ability to upload malicious archive files
devstral-2 · analyzed Feb 18, 2026

References (3)

Core References
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:2449
Third Party Advisory vdb-entry x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2024-0406
Third Party Advisory issue-tracking x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2257749

Scores

CVSS v3 6.1
EPSS 0.2206
EPSS Percentile 95.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE: CWE-22
Status: published
Products (4)
mholt/archiver 3.0.0 (2 CPE variants) Go
mholt/archiver 3.0.0 - 4.0.0
redhat/advanced_cluster_security 3.0
redhat/openshift_container_platform 4.18 - 4.18.4
Published Apr 06, 2024
Tracked Since Feb 18, 2026