PEAR Archive_Tar: Remote code execution vulnerability

PEAR Archive_Tar: Remote code execution vulnerability A buffer overflow in the PEAR module Archive_Tar might allow local or remote attacker(s) to execute arbitrary code. archive_tar 2020-06-15 2020-06-15 675576 local, remote 1.4.5 1.4.5

This class provides handling of tar files in PHP.

An issue was discovered in the PEAR module Archive_Tar’s handling of file paths within Tar achives.

A local or remote attacker could possibly execute arbitrary code with the privileges of the process.

Avoid handling untrusted Tar files with this package until you have upgraded to a non-vulnerable version.

All PEAR-Archive_Tar users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=dev-php/PEAR-Archive_Tar-1.4.5"

CVE-2018-1000888 BlueKnight sam_c