QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2024-0406

Back to search

CVE-2024-0406

Published: Apr 6, 2024

Modified: Nov 20, 2025

PUBLISHED

CVSS v3.1

6.1

MEDIUM

Description

A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user's or application's privileges using the library.

VendorProductVersions

Unknown

archiver

affected
v3.0.0 - < *
unaffected
v4.0.0 - < *

Red Hat

Red Hat OpenShift Container Platform 4.18

unaffected
v4.18.0-202503051333.p0.g22b273d.assembly.stream.el9 - < *

Red Hat

Red Hat Advanced Cluster Security 3

All versions

Red Hat

Red Hat Advanced Cluster Security 3

All versions

Red Hat

Red Hat Advanced Cluster Security 3

All versions

Red Hat

Red Hat Advanced Cluster Security 4

All versions

Red Hat

Red Hat Advanced Cluster Security 4

All versions

Red Hat

Red Hat Advanced Cluster Security 4

All versions

Weaknesses (CWE)

CWE-22

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

High

Availability

None

References

RHSA-2025:2449
vendor-advisory
x_refsource_REDHAT
RHBZ#2257749
issue-tracking
x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now