CVE-2024-0406 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2024-0406 Interim 1 5 2025-12-23T01:51:54Z current 2025-04-15T23:27:11Z 2025-12-23T01:51:54Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2024-0406 A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user's or application's privileges using the library. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WDWOGLHCP7BB4S74RDGLKFSALZGMVZWZ/ E-Mail link for openSUSE-SU-2025:14996-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6KWGLCFENU7T4T4H7YR4P6HDEUWVL5XF/ E-Mail link for openSUSE-SU-2025:15004-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 16.0 openSUSE Tumbleweed hauler-1.2.2-1.1 hauler-1.3.1-bp160.1.1 subfinder-2.7.0-2.1 hauler-1.3.1-bp160.1.1 as a component of openSUSE Leap 16.0 hauler-1.2.2-1.1 as a component of openSUSE Tumbleweed subfinder-2.7.0-2.1 as a component of openSUSE Tumbleweed A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user's or application's privileges using the library. CVE-2024-0406 openSUSE Leap 16.0:hauler-1.3.1-bp160.1.1 openSUSE Tumbleweed:hauler-1.2.2-1.1 openSUSE Tumbleweed:subfinder-2.7.0-2.1 important 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H