Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-0406

A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user's or application's privileges using the library.

Published

2024-04-06T17:15:07.127

Last Modified

2025-04-25T15:02:44.233

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

Weaknesses

Type: Primary
CWE-22

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mholt	archiver	< 4.0.0	Yes
Application	redhat	advanced_cluster_security	3.0	Yes
Application	redhat	openshift_container_platform	< 4.18.4	Yes

References

https://access.redhat.com/errata/RHSA-2025:2449 Third Party Advisory ([email protected])
https://access.redhat.com/security/cve/CVE-2024-0406 Third Party Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2257749 Third Party Advisory ([email protected])
https://access.redhat.com/security/cve/CVE-2024-0406 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=2257749 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)