6.1 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): REQUIRED
- Scope (S): UNCHANGED
- Confidentiality impact (C): LOW
- Integrity impact (I): HIGH
- Availability impact (A): NONE
mholt/archiver: path traversal vulnerability
A flaw was discovered in the mholt/archiver package. An attacker can create a specially crafted tar file which, when unpacked, may allow access to restricted files or directories. This can result in files being created or overwritten with the privileges of the user or application using the library.
References
- https://access.redhat.com/security/cve/CVE-2024-0406 x_refsource_REDHAT vdb-entry
- RHBZ#2257749 issue-tracking x_refsource_REDHAT
- RHSA-2025:2449 x_refsource_REDHAT vendor-advisory
Affected products
- ==4
- *
- *
- *
Matching in nixpkgs
pkgs.archiver
Easily create & extract archives, and compress & decompress files of various formats
- nixos-unstable -
- nixpkgs-unstable 3.5.1
pkgs.xarchiver
GTK frontend to 7z, zip, rar, tar, bzip2, gzip, arj, lha, rpm and deb (open and extract only)
- nixos-unstable -
- nixpkgs-unstable 0.5.4.26
pkgs.fsarchiver
File system archiver for linux
- nixos-unstable -
- nixpkgs-unstable 0.8.8
pkgs.the-unarchiver
Unpacks archive files
- nixos-unstable -
- nixpkgs-unstable 4.3.9
pkgs.lxqt.lxqt-archiver
Archive tool for the LXQt desktop environment
- nixos-unstable -
- nixpkgs-unstable 1.2.0
pkgs.CuboCore.corearchiver
Archiver from the C Suite to create and extract archives
- nixos-unstable -
- nixpkgs-unstable 5.0.0
pkgs.wayback-machine-archiver
Python script to submit web pages to the Wayback Machine for archiving
- nixos-unstable -
- nixpkgs-unstable 1.9.1
pkgs.python312Packages.nskeyedunarchiver
Unserializes plist data into a usable Python dict
- nixos-unstable -
- nixpkgs-unstable 1.5.2
pkgs.python313Packages.nskeyedunarchiver
Unserializes plist data into a usable Python dict
- nixos-unstable -
- nixpkgs-unstable 1.5.2
Package maintainers
- @kalbasit Wael Nasreddine <wael.nasreddine@gmail.com>
- @jchv John Chadwick <johnwchadwick@gmail.com>
- @romildo José Romildo Malaquias <malaquias@gmail.com>
- @PapayaJackal PapayaJackal
- @xiaoxiangmoe ZHAO JinXiang <xiaoxiangmoe@gmail.com>
- @D4ndellion Daniel Olsen <daniel@dodsorf.as>