Upstream information
Description
A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user's or application's privileges using the library.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
CNA (Red Hat) | National Vulnerability Database | |
---|---|---|
Base Score | 6.1 | 7.8 |
Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Attack Vector | Local | Local |
Attack Complexity | Low | Low |
Privileges Required | None | None |
User Interaction | Required | Required |
Scope | Unchanged | Unchanged |
Confidentiality Impact | Low | High |
Integrity Impact | High | High |
Availability Impact | None | High |
CVSSv3 Version | 3.1 | 3.1 |
SUSE Security Advisories:
- openSUSE-SU-2025:14996-1, published Wed Apr 16 18:50:46 2025
- openSUSE-SU-2025:15004-1, published Thu Apr 17 18:52:12 2025
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
openSUSE Tumbleweed |
| Patchnames: openSUSE-Tumbleweed-2025-14996 openSUSE-Tumbleweed-2025-15004 |
SUSE Timeline for this CVE
CVE page created: Thu Feb 1 19:00:15 2024CVE page last modified: Fri Apr 25 21:57:17 2025