CVE-2023-31483

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-31483

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-31483.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-31483

Published

2023-04-28T23:15:08.520Z

Modified

2025-11-20T12:17:35.413383Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

tar/TarFileReader.cpp in Cauldron cbang before bastet-v8.1.17 has a directory traversal during extraction that allows the attacker to create or write to files outside the current directory via a crafted tar archive.

References

Affected packages

Git / github.com/cauldrondevelopmentllc/cbang

Affected ranges

Type: GIT
Repo: https://github.com/cauldrondevelopmentllc/cbang
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

ac8bbdd5bb93c01679a881f5962fed800bf29e58

Affected versions

1.*

1.0

1.0.1

1.1.0

1.2.0

1.3.0

1.3.1

1.3.2

1.3.3

1.4.0

1.5.0

1.5.1

1.6.0

1.6.1

1.7.0

1.7.1

1.7.2

1.8.0

bastet-v8.*

bastet-v8.0.0

bastet-v8.1.10

bastet-v8.1.11

bastet-v8.1.12

bastet-v8.1.13

bastet-v8.1.14

bastet-v8.1.15

bastet-v8.1.16

bastet-v8.1.3

bastet-v8.1.4

bastet-v8.1.5

bastet-v8.1.6

bastet-v8.1.7

bastet-v8.1.8

bastet-v8.1.9

fah-client-7.*

fah-client-7.5.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-31483.json"

vanir_signatures

[
    {
        "deprecated": false,
        "id": "CVE-2023-31483-6938088e",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "248809763106823929045673295528469931865",
                "302834939270177787068920080780130319681",
                "261312379780139830290303071512795370168",
                "152933423043478215379843668103778253618"
            ]
        },
        "source": "https://github.com/cauldrondevelopmentllc/cbang/commit/ac8bbdd5bb93c01679a881f5962fed800bf29e58",
        "signature_version": "v1",
        "signature_type": "Line",
        "target": {
            "file": "src/cbang/tar/TarFileReader.cpp"
        }
    },
    {
        "deprecated": false,
        "id": "CVE-2023-31483-76b98d93",
        "digest": {
            "length": 902.0,
            "function_hash": "56145185516166654192135155185458878544"
        },
        "source": "https://github.com/cauldrondevelopmentllc/cbang/commit/ac8bbdd5bb93c01679a881f5962fed800bf29e58",
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "file": "src/cbang/tar/TarFileReader.cpp",
            "function": "TarFileReader::extract"
        }
    }
]