CNNVD-202507-1672 Information

Jul 11, 2025 cve

CNNVD ID

CNNVD-202507-1672

CVE-2025-45582

CNNVD Published: 2025-07-11

Description (Chinese)

GNU Tar是美国GNU社区的一套用于创建tar格式文件的工具。 GNU Tar 1.35及之前版本存在安全漏洞，该漏洞源于特制TAR存档中的目录遍历，可能导致文件覆盖。

Description (English)

GNU Tar is a set of tools for the GNU community in the United States to create documents in tar format. There is a security loophole in GNU Tar 1.35 and previous versions, which stems from the history of the directories in the specially created TAR archive, which may lead to document coverage.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

GNU

Published

2025-07-11

Last Modified

2026-02-24

References

https://lists.gnu.org/archive/html/bug-tar/2025-08/msg00012.html https://www.gnu.org/software/tar/manual/html_node/Security-rules-of-thumb.html https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md https://www.gnu.org/software/tar/manual/html_node/Integrity.html https://access.redhat.com/security/cve/cve-2025-45582 https://nvd.nist.gov/vuln/detail/CVE-2025-45582

Share on: