Vulnerability Description
A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user's or application's privileges using the library.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mholt | Archiver | >= 3.0.0, < 4.0.0 |
| Redhat | Advanced Cluster Security | 3.0 |
| Redhat | Openshift Container Platform | >= 4.18, < 4.18.4 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2025:2449Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2024-0406Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2257749Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2024-0406Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2257749Third Party Advisory
FAQ
What is CVE-2024-0406?
CVE-2024-0406 is a vulnerability with a CVSS score of 6.1 (MEDIUM). A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. Thi...
How severe is CVE-2024-0406?
CVE-2024-0406 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-0406?
Check the references section above for vendor advisories and patch information. Affected products include: Mholt Archiver, Redhat Advanced Cluster Security, Redhat Openshift Container Platform.