An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to gain more privileges in a system.
{ "binaries": [ { "binary_name": "bsdcpio", "binary_version": "3.1.2-7ubuntu2.8+esm3" }, { "binary_name": "bsdtar", "binary_version": "3.1.2-7ubuntu2.8+esm3" }, { "binary_name": "libarchive-dev", "binary_version": "3.1.2-7ubuntu2.8+esm3" }, { "binary_name": "libarchive13", "binary_version": "3.1.2-7ubuntu2.8+esm3" } ] }
{ "binaries": [ { "binary_name": "bsdcpio", "binary_version": "3.1.2-11ubuntu0.16.04.8+esm1" }, { "binary_name": "bsdtar", "binary_version": "3.1.2-11ubuntu0.16.04.8+esm1" }, { "binary_name": "libarchive-dev", "binary_version": "3.1.2-11ubuntu0.16.04.8+esm1" }, { "binary_name": "libarchive13", "binary_version": "3.1.2-11ubuntu0.16.04.8+esm1" } ] }
{ "binaries": [ { "binary_name": "bsdcpio", "binary_version": "3.2.2-3.1ubuntu0.7+esm1" }, { "binary_name": "bsdtar", "binary_version": "3.2.2-3.1ubuntu0.7+esm1" }, { "binary_name": "libarchive-dev", "binary_version": "3.2.2-3.1ubuntu0.7+esm1" }, { "binary_name": "libarchive-tools", "binary_version": "3.2.2-3.1ubuntu0.7+esm1" }, { "binary_name": "libarchive13", "binary_version": "3.2.2-3.1ubuntu0.7+esm1" } ] }
{ "binaries": [ { "binary_name": "libarchive-dev", "binary_version": "3.4.0-2ubuntu1.1" }, { "binary_name": "libarchive-tools", "binary_version": "3.4.0-2ubuntu1.1" }, { "binary_name": "libarchive13", "binary_version": "3.4.0-2ubuntu1.1" } ], "availability": "No subscription required" }